{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T15:23:26.748","vulnerabilities":[{"cve":{"id":"CVE-2023-1716","sourceIdentifier":"info@starlabs.sg","published":"2023-11-01T10:15:09.183","lastModified":"2026-06-17T05:28:36.270","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privileges."},{"lang":"es","value":"Vulnerabilidad de Cross-site scripting (XSS) en la página de edición de facturas en Bitrix24 22.0.300 permite a los atacantes ejecutar código JavaScript arbitrario en el navegador de la víctima y posiblemente ejecutar código PHP arbitrario en el servidor si la víctima tiene privilegios de administrador."}],"affected":[{"source":"info@starlabs.sg","affectedData":[{"vendor":"Bitrix24","product":"Bitrix24","defaultStatus":"unaffected","programFiles":["file:bitrix/modules/security/lib/filter/auditor/xss.php"],"versions":[{"version":"0","lessThanOrEqual":"22.0.300","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"info@starlabs.sg","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userIn
teraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-09-05T19:52:29.532953Z","id":"CVE-2023-1716","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"info@starlabs.sg","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bitrix24:bitrix24:22.0.300:*:*:*:*:*:*:*","matchCriteriaId":"D47D6185-F86F-4402-85C1-C0A0EAE09B0D"}]}]}],"references":[{"url":"https://starlabs.sg/advisories/23/23-1716/","source":"info@starlabs.sg","tags":["Broken Link","Exploit"]},{"url":"https://starlabs.sg/advisories/23/23-1716/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit"]}]}}]}