Critical severity9.0NVD Advisory· Published Nov 1, 2023· Updated Jun 17, 2026
CVE-2023-1716
CVE-2023-1716
Description
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
Affected products
2Patches
Vulnerability mechanics
References
1- starlabs.sg/advisories/23/23-1716/nvdBroken LinkExploit
News mentions
0No linked articles in our index yet.