Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as cross-site scripting, but that is inconsistent with the common use of the term.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bitrix_site_manager | Bitrix | 4.0.7 | 4.0.7 |
Bitrix_site_manager | Bitrix | 4.0.3 | 4.0.3 |
Bitrix_site_manager | Bitrix | 4.0.4 | 4.0.4 |
Bitrix_site_manager | Bitrix | 4.0.2 | 4.0.2 |
Bitrix_site_manager | Bitrix | 4.0.6 | 4.0.6 |
Bitrix_site_manager | Bitrix | 4.0.8 | 4.0.8 |
Bitrix_site_manager | Bitrix | 4.0.5 | 4.0.5 |
Bitrix_site_manager | Bitrix | 4.1.0 | 4.1.0 |
Bitrix_site_manager | Bitrix | 4.0.0 | 4.0.0 |