CVE-2018-15677
BTITeam XBTIT 2.5.4 contains a stored cross-site scripting (XSS) vulnerability in the newsfeed page (/index.php?page=viewnews) where the news item title is not correctly sanitized. The issue can be triggered via standard XSS and is also exploitable through CSRF. The root cause is the failure to p...