Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (1 of 2)
Vulnerability Description
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Bitrix24 跨站脚本漏洞
Vulnerability Description
Bitrix24是美国Bitrix公司的一套企业社交平台。该平台包括在线通讯、日历管理和CRM(客户关系管理)等功能。 Bitrix24 22.0.300版本存在安全漏洞,该漏洞源于函数mb_strpos()存在跨站脚本(XSS)漏洞。攻击者可利用该漏洞通过在有效负载的开头放置HTML标签来绕过XSS过滤。
CVSS Information
N/A
Vulnerability Type
N/A