CVE-2023-1720: Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload
First published: Wed Nov 01 2023(Updated: )
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.
Credit: info@starlabs.sg
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Citrix Receiver | =22.0.300 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2023-1720.
What is the title of this vulnerability?
The title of this vulnerability is Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload.
What is the severity of CVE-2023-1720?
The severity of CVE-2023-1720 is critical with a score of 9.6 (out of 10).
How does this vulnerability work?
This vulnerability allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser and possibly execute arbitrary PHP code on the server if the victim has administrator privilege by uploading a crafted HTML file.
How can I fix this vulnerability in Bitrix24 22.0.300?
To fix this vulnerability, update Bitrix24 to version 22.0.301 or later.
- agent/type
- agent/event
- agent/first-publish-date
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/bitrix24
- canonical/citrix receiver
- version/citrix receiver/22.0.300