CVE-2023-1716
Summary
A cross-site scripting (XSS) vulnerability has been identified in the Invoice Edit Page of Bitrix24 version 22.0.300. This flaw allows attackers to execute arbitrary JavaScript in a victim's browser and potentially arbitrary PHP code on the server if the victim has administrator privileges.
IFF Assessment
FOE
This vulnerability allows for code execution, which is a direct threat to systems and data.
Severity: 9.0 (Critical)
Defender Context
This XSS vulnerability in Bitrix24 could be exploited to steal session cookies or inject malicious scripts into users' browsers, and an administrator victim exposes the server to arbitrary PHP execution. Defenders should prioritize patching affected Bitrix24 instances (version 22.0.300) and monitor for unusual activity related to the Invoice Edit Page.