Security Vulnerabilities fixed in Bitrix24 25-05-2020

Description

Bitrix24 through 20.0.975 allows Server-Side Request Forgery (SSRF) via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter. Versions before 20.0.0 allow Cross-Site Scripting (XSS) via the items [ITEMS][ID] parameter.
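A detection sketch for the SSRF described above, added here as an example and not taken from Bitrix24 or from this advisory: it scans web access logs for attachUrlPreview requests whose url parameter is an internal IP literal. It assumes combined-format logs with the url parameter visible in the query string; the log lines are constructed and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/May/2020:10:01:02 +0000] "GET /services/main/ajax.php?action=attachUrlPreview&url=https%3A%2F%2Fexample.com%2Fnews HTTP/1.1" 200 512',
    '203.0.113.9 - - [25/May/2020:10:01:05 +0000] "GET /services/main/ajax.php?action=attachUrlPreview&url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 200 734',
    '203.0.113.9 - - [25/May/2020:10:01:09 +0000] "GET /services/main/ajax.php?action=attachUrlPreview&url=http%3A%2F%2F%5B%3A%3A1%5D%3A8080%2F HTTP/1.1" 200 90',
    '198.51.100.4 - - [25/May/2020:10:02:00 +0000] "GET /services/main/ajax.php?action=otherAction&url=http%3A%2F%2F192.168.1.1%2F HTTP/1.1" 200 10',
]

# Assumption: client address first, quoted request line later in the record.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def internal_target(url):
    """Return the IP if the URL's host is a private, loopback or link-local literal."""
    try:
        host = urlsplit(url).hostname
        ip = ipaddress.ip_address(host or "")
    except ValueError:
        return None  # a hostname or unparsable value; names are not resolved here
    return ip if (ip.is_private or ip.is_loopback or ip.is_link_local) else None

def find_ssrf_attempts(lines):
    """Return (client, internal_ip) pairs for attachUrlPreview requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/services/main/ajax.php"):
            continue
        query = parse_qs(parts.query)  # percent-decodes parameter values
        if query.get("action") != ["attachUrlPreview"]:
            continue
        for url in query.get("url", []):
            ip = internal_target(url)
            if ip is not None:
                hits.append((client, str(ip)))
    return hits

if __name__ == "__main__":
    for client, ip in find_ssrf_attempts(SAMPLE_LOG):
        print(f"{client} requested a preview of internal address {ip}")
```

Hostnames are not resolved, so a name that points at an internal address is not flagged; requests that carry the parameter in a POST body need request-body logging to be visible at all.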

Affected Applications

Bitrix24

Version Updates

Date        Version  Detail
2022-01-05  1.285    Bitrix24
2021-11-25  1.278    Bitrix24
2021-10-07  1.269    Bitrix24