CVE-2023-1717
Summary
A prototype pollution vulnerability exists in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 version 22.0.300. This flaw allows remote attackers to execute arbitrary JavaScript in a victim's browser and potentially arbitrary PHP code on the server if the victim has administrator privileges.
IFF Assessment
This vulnerability enables arbitrary code execution in the victim's browser and, under the conditions described above, on the server, which is a severe threat to system security.
Severity
Defender Context
This is a critical vulnerability that can lead to remote code execution, posing a significant risk to Bitrix24 installations. Defenders should prioritize patching or mitigating it to prevent server compromise and data theft. Ongoing vigilance against prototype pollution is crucial for web application security.