CVE-2023-1715

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Nov 1, 2023

Updated: Nov 8, 2023

CWE ID 79

Summary

CVE-2023-1715 is a logic error affecting Bitrix24 version 22.0.300. This vulnerability allows attackers to bypass the XSS sanitization feature by inserting HTML tags at the beginning of a potential payload when using mb_strpos(). This error can potentially lead to code injection and unintended execution of malicious code within the application.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Bitrix24

Affected Vendors

Bitrix24

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tOqLS8
https://www.cve.org/CVERecord?id=CVE-2023-1715
https://nvd.nist.gov/vuln/detail/CVE-2023-1715

Back to Vulnerability Database