1 matches found
CVE-2018-15677
The newsfeed aka /index.php?page=viewnews in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF...