Btiteam Xbtit 2.5.4

6 matches found

CVE
added 2018/09/05 9:29 p.m., 34 views

CVE-2018-15681

An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully steals this cookie can...

CVSS 9.8 | AI score 9.3 | EPSS 0.00205

CVE
added 2018/09/05 9:29 p.m., 33 views

CVE-2018-15680

An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack.

CVSS 9.8 | AI score 9 | EPSS 0.00174

CVE
added 2018/09/05 9:29 p.m., 29 views

CVE-2018-15678

An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.

CVSS 6.1 | AI score 6 | EPSS 0.0024

CVE
added 2018/09/05 9:29 p.m., 29 views

CVE-2018-16361

An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.

CVSS 6.1 | AI score 5.9 | EPSS 0.0024

CVE
added 2018/09/05 9:29 p.m., 27 views

CVE-2018-15677

The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.

CVSS 6.1 | AI score 5.9 | EPSS 0.00113

CVE
added 2018/09/05 9:29 p.m., 26 views

CVE-2018-15679

An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.

CVSS 6.1 | AI score 6 | EPSS 0.0024