CVE-2017-20122
Summary
| CVE | CVE-2017-20122 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-30 05:15:00 UTC |
| Updated | 2022-07-09 00:20:00 UTC |
| Description | A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bitrix24 | Bitrix Site Manager | 12.06.2015 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2017-20122 | Bitrix Site Manager Contact Form cross site scripting | N/A | vuldb.com | |
| Full Disclosure: Cross-Site Scripting vulnerability in Bitrix Site Manager | N/A | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.