Product
bitrix24
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-34891
CVE-2024-34885
CVE-2024-34887
CVE-2024-34883
CVE-2024-34882
CVE-2023-1720
CVE-2023-1719
CVE-2023-1718
CVE-2023-1717
CVE-2023-1716
CVE-2023-1715
CVE-2023-1714
CVE-2023-1713
CVE-2022-43959
CVE-2017-20122
CVE-2022-27228
CVE-2020-28206
CVE-2020-13484
CVE-2020-13483
CVE-2020-13758
CVE-2008-2052
all versions
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read
all versions
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read
all versions
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to s
all versions
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read p
all versions
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send
all versions
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code
all versions
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) en
all versions
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote att
all versions
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote
all versions
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScrip
all versions
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS saniti
all versions
Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticate
all versions
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP S
<= 22.200.200
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administ
all versions
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknow
< 21.0.100
In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbi
all versions
An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration and Improper Restriction of E
<= 20.0.975
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url paramet
<= 20.0.0
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mob
<= 20.0.950
modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allo
all versions
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web