Bitrix : Security Vulnerabilities, CVEs, CVSS score >= 6

CVE-2020-13758

modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload.
Max CVSS
6.1
EPSS Score
0.09%
Published
2020-06-01
Updated
2020-06-02

CVE-2015-8358

Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilder_step2.php.
Max CVSS
9.0
EPSS Score
2.67%
Published
2015-12-16
Updated
2018-10-09

CVE-2015-8357

Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscan_worker.php.
Max CVSS
6.5
EPSS Score
2.42%
Published
2015-12-16
Updated
2018-10-09

CVE-2013-6788

The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
Max CVSS
7.5
EPSS Score
0.75%
Published
2014-05-30
Updated
2014-06-26
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close