Unrated severityNVD Advisory· Published Nov 1, 2023· Updated Sep 5, 2024
Bitrix24 Cross-Site Scripting (XSS) via Client-side Prototype Pollution
CVE-2023-1717
Description
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting __proto__[tag] and __proto__[text].
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- starlabs.sg/advisories/23/23-1717/mitrethird-party-advisory
News mentions
0No linked articles in our index yet.