CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

191 matches found

Cvelist•added 2020/06/24 2:33 p.m.•12 views

CVE-2020-13483

The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the itemsITEMSID parameter to the components/bitrix/mobileapp.list/ajax.php/ URI...

6AI score0.04511EPSS

Exploits1References1

CVE•added 2020/06/24 2:33 p.m.•144 views

CVE-2020-13483

CVE-2020-13483 : Bitrix24 Web Application Firewall (WAF)

6.1CVSS5.9AI score0.04511EPSS

Exploits1References1Affected Software1

Cvelist•added 2020/06/24 2:28 p.m.•18 views

CVE-2020-13484

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing 'meta name="og:image" content="' followed by an intranet URL...

9.4AI score0.02028EPSS

Exploits1References1

CVE•added 2020/06/24 2:28 p.m.•74 views

CVE-2020-13484

Bitrix24 (up to and including 20.0.975, and earlier) is affected by an SSRF vulnerability in services/main/ajax.php?action=attachUrlPreview. The root cause is an insecure handling of an intranet URL when the destination HTML document contains a tag that is followed by an intranet URL. This allow...

9.8CVSS9.2AI score0.02028EPSS

Exploits1References1Affected Software1

CNVD•added 2020/06/02 12:0 a.m.•3 views

Bitrix24 Web Application Firewall Cross-Site Scripting Vulnerability

Bitrix24 is a suite of enterprise social platforms from Bitrix, USA. The platform includes features such as online communication, calendar management and CRM Customer Relationship Management.Web Application Firewall is one of the Web Application Firewalls. A cross-site scripting vulnerability...

6.1CVSS6.3AI score0.0086EPSS

Exploits1References1

OSV•added 2020/06/01 7:15 p.m.•1 views

CVE-2020-13758

modules/security/classes/general.postfilter.php/postfilter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload...

6.1CVSS6.4AI score0.0086EPSS

Exploits1References1

NVD•added 2020/06/01 7:15 p.m.•8 views

CVE-2020-13758

modules/security/classes/general.postfilter.php/postfilter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload...

6.1CVSS6AI score0.0086EPSS

Exploits1References1

Prion•added 2020/06/01 7:15 p.m.•15 views

Cross site scripting

modules/security/classes/general.postfilter.php/postfilter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload...

4.3CVSS6AI score0.0086EPSS

Exploits1References1Affected Software1

CVE•added 2020/06/01 6:32 p.m.•102 views

CVE-2020-13758

The CVE-2020-13758 issue affects Bitrix24 Web Application Firewall prior to or up to 20.0.950, specifically the modules/security/classes/general.post_filter.php/post_filter.php. The vulnerability is an XSS flaw introduced by the ability to place a NULL byte (%00) before the payload, enabling an a...

6.1CVSS5.9AI score0.0086EPSS

Exploits1References1Affected Software1

Cvelist•added 2020/06/01 6:32 p.m.•12 views

CVE-2020-13758

modules/security/classes/general.postfilter.php/postfilter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload...

6AI score0.0086EPSS

Exploits1References1