RSS   Podatności dla 'Bitrix24'   RSS

2022-03-22
 
CVE-2022-27228

CWE-20
 

 
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.

 
2020-06-24
 
CVE-2020-13484

CWE-918
 

 
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.

 
 
CVE-2020-13483

CWE-79
 

 
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.

 

 >>> Vendor: Bitrix24 2 Produkty
Bitrix24
Bitrix framework


Copyright 2024, cxsecurity.com

 

Back to Top