Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
References
Link | Resource |
---|---|
https://starlabs.sg/advisories/23/23-1716/ | Broken Link, Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: STAR_Labs
Published: 2023-11-01T09:03:24.512Z
Updated: 2023-11-01T09:03:24.512Z
Reserved: 2023-03-30T09:16:29.698Z
Link: CVE-2023-1716
NVD Information
Status: Analyzed
Published: 2023-11-01T10:15:09.183
Modified: 2023-11-09T20:47:06.643
Link: CVE-2023-1716
Redhat Information
No data.
CWE