CVE-2023-42642
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42642
CVE-2023-42642
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42642
CVE-2023-42641
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42641
CVE-2023-42644
In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42644
CVE-2023-42647
In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42647
CVE-2023-1718
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url".
Source: CVE-2023-1718
CVE-2023-1716
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.
Source: CVE-2023-1716
CVE-2023-42636
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42636
CVE-2023-42632
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42632
CVE-2023-42634
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42634
CVE-2023-42633
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
Source: CVE-2023-42633