The vulnerability of the Bitrix24 business management service lies in the absence of a proper HTTP response header, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the bitrix/modules/main/tools.php component of the Bitrix24 business management service is related to the absence of a MIME response header. Exploiting this vulnerability allows an attacker to execute arbitrary JavaScript code by uploading a created HTML file through...