4 matches found
CVE-2023-1715
A logic error when using mbstrpos to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload...
CVE-2023-1715
A logic error when using mbstrpos to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload...
CVE-2023-1715 Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (1 of 2)
A logic error when using mbstrpos to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload...
CVE-2023-1715
CVE-2023-1715 affects Bitrix24 22.0.300. A logic error in mb_strpos() used to detect potential XSS payload allows bypassing XSS sanitisation by placing HTML tags at the beginning of the payload. The connected PT-2023-6693 documentation confirms Bitrix24 22.0.300 and suggests mitigation steps (e.g...