All 8 known CVE vulnerabilities affecting Bitrix24, with AI-generated Chinese analysis, references, and POCs where available.
Vendor: Bitrix24

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-1720 | Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload | CWE-434 | 9.6 | Critical | 2023-11-01 |
| CVE-2023-1719 | Bitrix24 Insecure Global Variable Extraction | CWE-665 | 7.5 | High | 2023-11-01 |
| CVE-2023-1718 | Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access | CWE-835 | 7.5 | High | 2023-11-01 |
| CVE-2023-1717 | Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution | CWE-79 | 9.6 | Critical | 2023-11-01 |
| CVE-2023-1716 | Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (2 of 2) | CWE-79 | 9.0 | Critical | 2023-11-01 |
| CVE-2023-1715 | Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (1 of 2) | CWE-79 | 9.0 | Critical | 2023-11-01 |
| CVE-2023-1714 | Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction | CWE-502 | 8.8 | High | 2023-11-01 |
| CVE-2023-1713 | Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation | CWE-434 | 8.8 | High | 2023-11-01 |