Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code…
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute…
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags…
Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files…
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a…
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service…
In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional…
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution…
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution…
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution…