CVE-2023-1715

CVSS V2 None CVSS V3 None
Description
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.
Overview
  • CVE ID
  • CVE-2023-1715
  • Assigner
  • STAR_Labs
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-11-01T09:03:05.343Z
  • Last Modified Date
  • 2023-11-01T09:03:05.343Z
References
Reference URL Reference Tags
https://starlabs.sg/advisories/23/23-1715/ third-party-advisory
History
Created Old Value New Value Data Type Notes
2024-06-25 08:45:27 Added to TrackCVE