4 matches found
CVE-2023-1719
creationtimestamp| type| source ---|---|--- 2023-11-01 13:21:47+00:00| seen| https://t.me/cibsecurity/73309 2023-11-04 17:44:37+00:00| seen| Telegram/993IQTAEI9abMkOWl8mkHJFNRp2-d18TbGN-UxF0pN3nA 2023-11-04 22:44:13+00:00| seen| https://t.me/poxek/3380 2023-11-04 23:56:08+00:00| seen|...
CVE-2023-1719
CVE-2023-1719 affects Bitrix24 22.0.300 and is caused by overwriting uninitialised variables in bitrix/modules/main/tools.php. This enables unauthenticated attackers to enumerate server attachments, inject arbitrary JavaScript in victims’ browsers, and potentially execute arbitrary PHP code on th...
CVE-2023-1719 Bitrix24 Insecure Global Variable Extraction
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...
CVE-2023-1719 Bitrix24 Insecure Global Variable Extraction
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to 1 enumerate attachments on the server and 2 execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim ha...