bitrix
Web & CMS Plugins, commercial
Latest CVEs
The 11 most recently published vulnerabilities affecting bitrix.
- CVE-2017-20122: Bitrix Site Manager Contact Form cross site scripting (score: 3.5)
- CVE-2020-13758: modules/security/classes/general.post_filter.php/post_filter.php in the Web Application Firewall in Bitrix24 through 20.0.950 allows XSS by placing %00 before the payload. (score: 6.1)
- CVE-2015-8358: Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element... (score: 9.0)
- CVE-2015-8357: Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or ca... (score: 6.5)
- CVE-2013-6788: The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and by... (score: 7.5)
- CVE-2006-2479: The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute ar... (score: 5.0)
- CVE-2006-2478: Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site script... (score: 5.0)
- CVE-2006-2477: Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. (score: 4.9)
- CVE-2006-2476: Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. (score: 5.0)
- CVE-2005-1995: Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message. (score: 5.0)
- CVE-2005-1996: PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. (score: 5.0)