id: CVE-2023-1719 info: name: Bitrix Component - Cross-Site Scripting author: DhiyaneshDk severity: critical description: | Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables. reference: - https://starlabs.sg/advisories/23/23-1719/ - https://nvd.nist.gov/vuln/detail/CVE-2023-1719 - https://github.com/20142995/sectool classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-1719 cwe-id: CWE-665 epss-score: 0.02754 epss-percentile: 0.90563 cpe: cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: bitrix24 product: bitrix24 shodan-query: - html:"/bitrix/" - http.html:"/bitrix/" fofa-query: body="/bitrix/" tags: cve2023,cve,bitrix,xss,bitrix24 http: - method: GET path: - "{{BaseURL}}/bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt=" matchers-condition: and matchers: - type: word part: body words: - "'LOG_CNT':" - "" condition: and - type: word part: header words: - text/html - type: status status: - 200 # digest: 4b0a004830460221009d02b34971e2f1e10fe09f6ac41b7d29334c9f69e1e488739b3711803ec615be0221008694e2d730b3d526a4bc14049eec9ec828e26cd4147d26b97966da12cd6f6d44:922c64590222798bb761d5b6d8e72950