CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...

6.1CVSS5.8AI score

Exploits0References1

NVD•added 2018/10/01 11:29 p.m.•11 views

CVE-2018-17870

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...

6.1CVSS6.1AI score0.002EPSS

Exploits0References1

Prion•added 2018/10/01 11:29 p.m.•10 views

Open redirect

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...

5.8CVSS6.1AI score0.002EPSS

Exploits1References1Affected Software1

CVE•added 2018/10/01 11:0 p.m.•39 views

CVE-2018-17870

CVE-2018-17870 affects BTITeam XBTIT 2.5.4, via an open redirect in the returnto parameter of account_change.php. This CVE is stated as distinct from CVE-2018-15683. The provided NVD entry lists CVSS vectors/scores (2.0: 5.8; 3.0: 6.1) and general exposure (network, no auth for CVSS2; UI required...

6.1CVSS6.1AI score0.002EPSS

Exploits0References1Affected Software1

Cvelist•added 2018/10/01 11:0 p.m.•13 views

CVE-2018-17870

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...

6.1AI score0.002EPSS

Exploits0References1

CNVD•added 2018/09/07 12:0 a.m.•3 views

BTITeam XBTIT cross-site scripting vulnerability (CNVD-2018-19430)

BTITeam XBTIT is an open source bittorrent tracking system. A cross-site scripting vulnerability exists in BTITeam XBTIT. Attackers can use the 'String.replace' function and 'eval' function to exploit the vulnerability to bypass the includes/crkprotection.php script of the anti-cross-site scripti...

5.3CVSS5.5AI score0.00167EPSS

Exploits1References1

CNVD•added 2018/09/06 12:0 a.m.•4 views

BTITeam XBTIT Cross-Site Scripting Vulnerability

XBTIT is an open source tracking software. A cross-site scripting vulnerability exists in news.php in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability via the id parameter to conduct a cross-site scripting attack...

6.1CVSS6AI score0.0024EPSS

Exploits1References1

CNVD•added 2018/09/06 12:0 a.m.•1 views

BTITeam XBTIT Cross-Site Scripting Vulnerability (CNVD-2019-28273)

XBTIT is an open source tracking software. A stored cross-site scripting vulnerability exists in newsfeed /index.php?page=viewnews in BTITeam XBTIT 2.5.4. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via the headline of a news item...

6.1CVSS5.9AI score0.00154EPSS

Exploits1References1

CNVD•added 2018/09/06 12:0 a.m.•3 views

BTITeam XBTIT cross-site scripting vulnerability (CNVD-2019-28274)

XBTIT is an open source tracking software. A reflective cross-site scripting vulnerability exists in the 'keywords' parameter in the search function in /index.php?page=forums&action=search in BTITeam XBTIT 2.5.4. The vulnerability can be exploited to execute arbitrary JavaScript code in a user's...

6.1CVSS6.2AI score0.0024EPSS

Exploits1References1

NVD•added 2018/09/05 9:29 p.m.•10 views

CVE-2018-16361

An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter...

6.1CVSS6AI score0.0024EPSS

Exploits1References2

OSV•added 2018/09/05 9:29 p.m.•0 views

CVE-2018-16361

An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter...

6.1CVSS5.8AI score

Exploits0References2