CVE-2023-1716

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.

Publication date: Wed, 01 Nov 2023 15:15:00 +0000


Cyber News related to CVE-2023-1716

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov
CVE-2007-5249 - Multiple buffer overflows in the logging function in the Unreal engine, as used by America's Army and America's Army Special Forces 2.8.2 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to cause a denial of service ...
6 years ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
6 months ago Tenable.com
Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com
CVE-2023-1716 - ...
1 year ago
CVE-2021-1716 - Microsoft Word Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-1715. ...
3 years ago
CVE-2006-1716 - Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already ...
6 years ago
CVE-2021-28816 - A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ...
2 years ago
CVE-2021-34343 - A stack buffer overflow vulnerability has been reported to affect QNAP device running QTS, QuTScloud, QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following ...
2 years ago
CVE-2005-1716 - TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. ...
16 years ago
CVE-2009-1716 - CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. ...
15 years ago
CVE-2004-1716 - Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile. ...
7 years ago
CVE-2010-1716 - SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. ...
7 years ago
CVE-2016-1716 - AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. ...
7 years ago
CVE-2007-1716 - pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges. ...
7 years ago
CVE-2011-1716 - Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
6 years ago
CVE-2008-1716 - Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled ...
6 years ago
CVE-2014-1716 - Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ...
6 years ago
CVE-2015-1716 - Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman ...
5 years ago
CVE-2017-1716 - IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638. ...
5 years ago
CVE-2018-1716 - IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure ...
5 years ago
CVE-2020-1716 - A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain ...
3 years ago
CVE-2012-1716 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability ...
2 years ago
CVE-2002-1716 - The Host() function in the Microsoft spreadsheet component on Microsoft Office XP allows remote attackers to create arbitrary files using the SaveAs capability. ...
1 year ago
CVE-2019-1716 - A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)