4.3
CVSSv2

CVE-2020-13483

Published: 24/06/2020 Updated: 29/06/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.

Vulnerability Trend

Affected Products

Vendor Product Versions
Bitrix24Bitrix2420.0.0