9 matches found
Xbtit SQL Injection Vulnerability
Xbtit is an open source tracker software. Version 3.1 of Xbtit is vulnerable to SQL injection, which stems from a missing filter escape for SQL statements in the sid parameter of the ajaxchat/getHistoryChatData.php file. An attacker could exploit this vulnerability to extract sensitive data such ...
Xbtit Cross-Site Scripting Vulnerability
Xbtit is a tracker software. A cross-site scripting vulnerability exists in Xbtit version 3.1. The vulnerability occurs when /ajaxchat/sendChatData.php fails to properly validate the value of the "n" POST parameter. An attacker could exploit this vulnerability to execute malicious JavaScript code...
CVE-2021-45822
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...
CVE-2021-45822
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...
CVE-2021-45822
CVE-2021-45822 describes a stored XSS in Xbtit 3.1 where the request to /ajaxchat/sendChatData.php does not properly validate the n (POST) parameter. This vulnerability allows an attacker to inject and execute malicious JavaScript code, per multiple connected sources (e.g., NVD/Red Hat/CNVD varia...
SQL Injection
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order...
CVE-2021-45821
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order...
CVE-2021-45821
Xbtit 3.1 is affected by a blind SQL injection in the sid parameter of ajaxchat/getHistoryChatData.php, exploitable by registered users. The vulnerability arises from a missing filter/escape for SQL statements, enabling extraction of sensitive data (e.g., usernames and passwords) and, in some cas...
Deserialization Vulnerability in AjaxChat
AjaxChat is a JavaScript, PHP and MySQL implementation of open source Web chat software, released under the GNU Affero General Public License. AjaxChat has a deserialization vulnerability in the commandtpl.php file in the use of the ajaxchat source code, which allows an attacker to construct...