2 matches found
PT-2023-6688 · Bitrix · Bitrix24
Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300 Description: The issue is related to the lack of a mime type response header in Bitrix24, which allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser. If the victim has...
CVE-2017-11560
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...