Name of the Vulnerable Software and Affected Versions Bitrix24 (affected versions not specified)

Description The issue exists due to insufficient input validation of the arParams[API KEY] parameter in the map.google component of the Bitrix24 business management service. This could allow a remote attacker to execute arbitrary JavaScript code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.