Critical severity9.6NVD Advisory· Published Nov 1, 2023· Updated Jun 17, 2026
CVE-2023-1720
CVE-2023-1720
Description
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: = 22.0.300
Patches
Vulnerability mechanics
References
1- starlabs.sg/advisories/23/23-1720/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.