IDCVSSSummaryLast (major) updatePublished
CVE-2020-13484 7.5
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet U
02-07-2020 - 18:27 24-06-2020 - 15:15
CVE-2020-13483 4.3
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
29-06-2020 - 18:58 24-06-2020 - 15:15
CVE-2022-27228 10.0
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.
28-03-2022 - 20:40 22-03-2022 - 18:15
CVE-2022-43959 None
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php.
08-08-2023 - 14:22 20-01-2023 - 15:15
Back to Top Mark selected
Back to Top