CVE-2023-1716: Bitrix24 Stored Cross-Site Scripting (XSS) via Improper Input Neutralization on Invoice Edit Page (2 of 2)
First published: Wed Nov 01 2023(Updated: )
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
Credit: info@starlabs.sg
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bitrix24 Bitrix24 | =22.0.300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-1716?
CVE-2023-1716 is a cross-site scripting (XSS) vulnerability in the Invoice Edit Page of Bitrix24 22.0.300.
How does CVE-2023-1716 affect Bitrix24?
CVE-2023-1716 allows attackers to execute arbitrary JavaScript code in the victim's browser and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
What is the severity of CVE-2023-1716?
CVE-2023-1716 has a severity rating of 9, which is considered critical.
How can I fix CVE-2023-1716 in Bitrix24?
To fix CVE-2023-1716, it is recommended to update Bitrix24 to version 22.0.301 or later.
Where can I find more information about CVE-2023-1716?
You can find more information about CVE-2023-1716 on the Star Labs advisory page: https://starlabs.sg/advisories/23/23-1716/
- collector/mitre-cve
- collector/nvd-api
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/bitrix24
- canonical/bitrix24 bitrix24
- version/bitrix24 bitrix24/22.0.300