Summary: Product Bitrix24 Vendor Bitrix24 Severity Critical Affected Versions Bitrix24 22.0.300 (latest version as of writing) Tested Versions Bitrix24 22.0.300 (latest version as of writing) CVE Identifier CVE-2023-1717 CVE Description Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server i...
