Vulnerabilities for 'Bitrix24'

2020-06-24

CVE-2020-13484
CWE-918 (Server-Side Request Forgery)

Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the url parameter of services/main/ajax.php?action=attachUrlPreview, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL. The attachUrlPreview action fetches the supplied URL and then fetches the og:image URL it finds in the response, so an attacker-controlled external page can steer that second request at an intranet address.
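Added example, not Bitrix code: a minimal link-preview fetcher that reproduces the two-hop pattern described above. The vulnerable variant validates only the user-supplied URL and follows the og:image blindly; the hardened variant runs the same destination check on every URL the preview follows. The pages in FAKE_WEB, the DNS table, the hostnames and addresses and all function names are constructed assumptions so the code runs offline.

```python
"""Two-hop SSRF check for a link-preview fetcher (added example, not Bitrix code)."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed stand-in for the network: URL -> body the fetcher would receive.
# The attacker page is public but advertises an og:image on an intranet host.
FAKE_WEB = {
    "http://attacker.example/": (
        '<html><head><meta name="og:image" '
        'content="http://10.0.0.5/admin/status"></head></html>'
    ),
    "http://10.0.0.5/admin/status": "<html>INTERNAL ADMIN PAGE</html>",
    "http://cdn.example/": (
        '<html><head><meta property="og:image" content="/img/a.png"></head></html>'
    ),
    "http://cdn.example/img/a.png": "PNG-BYTES",
}

# Constructed DNS table (assumed public addresses); IP literals resolve to themselves.
FAKE_DNS = {"attacker.example": ["93.184.216.34"], "cdn.example": ["151.101.0.1"]}


def fake_fetch(url):
    return FAKE_WEB.get(url, "")


def fake_resolve(host):
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        return FAKE_DNS.get(host, [])


class OgImageParser(HTMLParser):
    """Pull the first og:image meta tag (name= or property= form) out of a page."""

    def __init__(self):
        super().__init__()
        self.og_image = None

    def handle_starttag(self, tag, attrs):
        if tag != "meta" or self.og_image is not None:
            return
        a = dict(attrs)
        if a.get("name") == "og:image" or a.get("property") == "og:image":
            self.og_image = a.get("content")


def extract_og_image(html):
    parser = OgImageParser()
    parser.feed(html)
    return parser.og_image


def is_public_address(ip_text):
    addr = ipaddress.ip_address(ip_text)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.5 must be judged as 10.0.0.5
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_destination(url, resolve):
    """Return (ok, reason). Every resolved address must be public; fail closed."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host"
    addrs = resolve(host)
    if not addrs:
        return False, "unresolvable host: %s" % host
    for ip in addrs:
        if not is_public_address(ip):
            return False, "non-public address %s for %s" % (ip, host)
    return True, "ok"


def preview_vulnerable(url, fetch=fake_fetch, resolve=fake_resolve):
    """Checks only the user-supplied URL; the og:image hop is fetched unchecked."""
    ok, reason = check_destination(url, resolve)
    if not ok:
        return None, reason
    image = extract_og_image(fetch(url))
    if image is None:
        return None, "no og:image"
    return fetch(urljoin(url, image)), "fetched"


def preview_hardened(url, fetch=fake_fetch, resolve=fake_resolve):
    """Applies the same destination check to every URL the preview follows."""
    ok, reason = check_destination(url, resolve)
    if not ok:
        return None, reason
    image = extract_og_image(fetch(url))
    if image is None:
        return None, "no og:image"
    image_url = urljoin(url, image)
    ok, reason = check_destination(image_url, resolve)
    if not ok:
        return None, "og:image rejected: " + reason
    return fetch(image_url), "fetched"


if __name__ == "__main__":
    print(preview_vulnerable("http://attacker.example/"))  # intranet body leaks
    print(preview_hardened("http://attacker.example/"))    # second hop rejected
    print(preview_hardened("http://cdn.example/"))         # legitimate preview works
```

In a production fetcher the same check has to cover every request the preview makes, including HTTP redirect targets, and the connection should be made to the address that was actually checked rather than re-resolving the name, otherwise a DNS answer that changes between check and connect defeats it.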

CVE-2020-13483
CWE-79 (Cross-site Scripting)

Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter of the components/bitrix/mobileapp.list/ajax.php/ URI; the payload is not blocked by the product's Web Application Firewall.

 


Copyright 2020, cxsecurity.com