Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (2 of 2)
Vulnerability Description
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Bitrix24 跨站脚本漏洞
Vulnerability Description
Bitrix24是美国Bitrix公司的一套企业社交平台。该平台包括在线通讯、日历管理和CRM(客户关系管理)等功能。 Bitrix24 22.0.300版本存在安全漏洞,该漏洞源于Invoice Edit Page存在跨站脚本(XSS)漏洞。攻击者可利用该漏洞在受害者的浏览器中执行任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A