A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows malicious users to bypass XSS sanitisation via placing HTML tags at the begining of the payload.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bitrix24 bitrix24 22.0.300 |