Vulnerabilities > Bitrix24 > Bitrix24

DATE CVE VULNERABILITY TITLE RISK
2020-06-24 CVE-2020-13484 Server-Side Request Forgery (SSRF) vulnerability in Bitrix24 20.0.0/20.0.975
Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL.
network
low complexity
bitrix24 CWE-918
7.5
7.5
2020-06-24 CVE-2020-13483 Cross-site Scripting vulnerability in Bitrix24 20.0.0
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
network
bitrix24 CWE-79
4.3
4.3