Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
BtiteamXbtit*

4 matches found

cve
cveadded 2018/09/05 9:29 p.m.32 views

CVE-2018-15676

An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints.

5.3CVSS5.3AI score0.00238EPSS
cve
cveadded 2018/09/05 9:29 p.m.30 views

CVE-2018-15684

An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data.

5.3CVSS5.2AI score0.00245EPSS
cve
cveadded 2018/09/05 9:29 p.m.29 views

CVE-2018-15683

An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected.

6.1CVSS6.1AI score0.00199EPSS
cve
cveadded 2018/09/05 9:29 p.m.25 views

CVE-2018-15682

An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.

8.8CVSS8.4AI score0.00259EPSS