» admin

CVE-2023-42639

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42639

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42639

CVE-2023-42638

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42638

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42638

CVE-2023-42637

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42637

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42637

CVE-2023-42635

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42635

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42635

CVE-2023-1719

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-1719

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.

Source: CVE-2023-1719

CVE-2023-42633

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42633

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42633

CVE-2023-42634

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42634

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42634

CVE-2023-42632

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42632

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42632

CVE-2023-42636

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-42636

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

Source: CVE-2023-42636

CVE-2023-1716

Posted on 2023년 11월 1일2023년 11월 1일 by admin

CVE-2023-1716

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.

Source: CVE-2023-1716