Lucene search
K

11 matches found

OSV
OSV
added 2018/10/01 11:29 p.m.4 views

CVE-2018-17870

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...

6.1CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2018/10/01 11:0 p.m.22 views

CVE-2018-17870

An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of accountchange.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683...

6.1AI score0.00803EPSS
Exploits0References1
NVD
NVD
added 2018/09/05 9:29 p.m.12 views

CVE-2018-15679

An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting...

6.1CVSS6AI score0.00947EPSS
Exploits1References2
Prion
Prion
added 2018/09/05 9:29 p.m.13 views

Cross site request forgery (csrf)

The newsfeed aka /index.php?page=viewnews in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF...

4.3CVSS5.9AI score0.00474EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2018/09/05 9:29 p.m.13 views

Cross site scripting

An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting...

4.3CVSS6AI score0.00947EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.17 views

CVE-2018-16361

An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter...

6AI score0.00947EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.13 views

CVE-2018-15679

An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting...

6AI score0.00947EPSS
Exploits1References2
CVE
CVE
added 2018/09/05 9:0 p.m.40 views

CVE-2018-15678

BTITeam XBTIT 2.5.4 contains a reflected cross-site scripting (XSS) vulnerability in the sign-up page ( /index.php?page=signup ) via the act parameter. The NVD entry CVE-2018-15678 documents this issue with CVSS v2 base score 4.3 ( MEDIUM ) and CVSS v3 base score 6.1 ( MEDIUM ), indicating networ...

6.1CVSS6AI score0.00947EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/09/05 9:0 p.m.22 views

CVE-2018-15681

An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie c...

9.4AI score0.00751EPSS
Exploits1References1
CVE
CVE
added 2018/09/05 9:0 p.m.35 views

CVE-2018-15677

BTITeam XBTIT 2.5.4 contains a stored cross-site scripting (XSS) vulnerability in the newsfeed page (/index.php?page=viewnews) where the news item title is not correctly sanitized. The issue can be triggered via standard XSS and is also exploitable through CSRF. The root cause is the failure to p...

6.1CVSS5.9AI score0.00474EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/09/05 9:0 p.m.44 views

CVE-2018-15680

CVE-2018-15680 affects BTITeam XBTIT 2.5.4 where passwords in the xbtit_users table are stored as unsalted MD5 hashes. The root cause is weak password hashing, enabling context-dependent attackers to brute-force and recover cleartext passwords. Public details in the provided documents confirm the...

9.8CVSS9AI score0.00792EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder