
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (CVE-2020-13758) affects the Web Application Firewall (WAF) in Bitrix24 through version 20.0.950. The vulnerability allows cross-site scripting (XSS) attacks by placing %00 (null byte) before the payload, effectively bypassing the WAF's protection mechanisms (Deteact Blog).
The vulnerability exists in the post-filtration module located in modules/security/classes/general.postfilter.php/postfilter.php. The WAF's protection mechanism attempts to find user input in script tag bodies, but it removes null bytes from input parameter values during processing. This creates a mismatch between the actual script content and the filtered parameter values, allowing attackers to bypass the XSS protection by inserting a null byte (%00) before the malicious payload (Deteact Blog).
The vulnerability allows attackers to execute arbitrary JavaScript code in the context of the victim's browser by bypassing the WAF's XSS protection mechanisms. This could lead to theft of sensitive information, session hijacking, or other client-side attacks (Deteact Blog).
The vulnerability can be mitigated by removing the str_replace call from the addVariable function or by applying the same modification to the $body variable in the isDangerBody function. Additionally, organizations should not solely rely on WAF protection and should implement secure development practices and regular penetration testing (Deteact Blog).
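The following Python model is an added illustration, not code from the Deteact write-up or from Bitrix itself. It reproduces the mismatch the text describes and the two fixes it names, as a regression check a defender could keep beside a filter of this kind. Assumptions: a constructed vulnerable page reflects the `q` parameter unescaped into a script body; `add_variable_weak` models the null-byte removal the page attributes to addVariable; `is_danger_body_weak` models isDangerBody as asking whether a script body is found inside a stored parameter value (the real Bitrix comparison is not reproduced here); the names `evaluate`, `script_bodies`, `reflect` and the `probe();` marker are hypothetical.

```python
import re
from typing import Callable, Iterable, List
from urllib.parse import unquote

NULL_BYTE = "\x00"

# Constructed vulnerable template: the application reflects the raw parameter
# straight into a script body, so the WAF post-filter is the only line of defence.
VULNERABLE_TEMPLATE = "<html><body><script>{{value}}</script></body></html>"

SCRIPT_BODY_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)


def add_variable_weak(raw_value: str) -> str:
    """Models the addVariable behaviour the page describes: the stored copy of
    the parameter has null bytes removed (assumption, not Bitrix code)."""
    return unquote(raw_value).replace(NULL_BYTE, "")


def add_variable_fixed(raw_value: str) -> str:
    """First fix named on the page: drop the str_replace and keep the value as
    received, so the stored copy matches what the application reflects."""
    return unquote(raw_value)


def script_bodies(html: str) -> List[str]:
    """Collect the bodies of all <script> elements in a response."""
    return [m.group(1) for m in SCRIPT_BODY_RE.finditer(html)]


def is_danger_body_weak(body: str, variables: Iterable[str]) -> bool:
    """Assumed shape of isDangerBody: a script body that came from user input
    is dangerous. The body is compared as-is, while the variables were
    normalised, so the two sides can disagree on a single byte."""
    return any(body and body in v for v in variables)


def is_danger_body_fixed(body: str, variables: Iterable[str]) -> bool:
    """Second fix named on the page: apply the same null-byte removal to the
    body, so both sides of the comparison are normalised identically."""
    body = body.replace(NULL_BYTE, "")
    return any(body and body in v for v in variables)


def reflect(template: str, raw_value: str) -> str:
    """Constructed application behaviour: URL-decode the parameter and reflect it."""
    return template.replace("{{value}}", unquote(raw_value))


def evaluate(
    raw_value: str,
    add_variable: Callable[[str], str],
    is_danger_body: Callable[[str, Iterable[str]], bool],
) -> bool:
    """Run one request through the modelled post-filter.

    Returns True when the filter flags (blocks) the response, False when the
    reflected input reaches the browser unflagged."""
    variables = [add_variable(raw_value)]
    html = reflect(VULNERABLE_TEMPLATE, raw_value)
    return any(is_danger_body(body, variables) for body in script_bodies(html))


if __name__ == "__main__":
    plain = "probe();"          # constructed marker for reflected script content
    prefixed = "%00" + plain    # the same marker with a leading null byte

    print("weak filter, plain input flagged:  ", evaluate(plain, add_variable_weak, is_danger_body_weak))
    print("weak filter, %00-prefixed flagged: ", evaluate(prefixed, add_variable_weak, is_danger_body_weak))
    print("fix 1 (keep nulls in variable):    ", evaluate(prefixed, add_variable_fixed, is_danger_body_weak))
    print("fix 2 (strip nulls from body too): ", evaluate(prefixed, add_variable_weak, is_danger_body_fixed))
```

The general lesson the model makes concrete: whenever a filter compares user input against response content, every normalisation step (null-byte removal, decoding, case folding) has to be applied to both sides, or the comparison is only as strong as the one byte that differs. Either fix on the page restores that symmetry; a unit test like `evaluate` run over both the plain and the null-prefixed marker catches a regression the moment one side is normalised alone.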
Source: This report was generated using AI