A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2017/Feb/3 | Exploit Mailing List Third Party Advisory |
https://vuldb.com/?id.96643 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: VulDB
Published: 2022-06-30T05:05:22
Updated: 2022-06-30T05:05:21
Reserved: 2022-06-27T00:00:00
Link: CVE-2017-20122
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-30T05:15:07.067
Modified: 2022-07-09T00:20:57.390
Link: CVE-2017-20122
JSON object: View
Redhat Information
No data.