Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
btiteam xbtit 2.5.4 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2018-17870
An issue exists in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.
Btiteam Xbtit 2.54
4.3
CVSSv2
CVE-2018-15677
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
Btiteam Xbtit 2.5.4
4.3
CVSSv2
CVE-2018-15678
An issue exists in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
Btiteam Xbtit 2.5.4
4.3
CVSSv2
CVE-2018-15679
An issue exists in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.
Btiteam Xbtit 2.5.4
5
CVSSv2
CVE-2018-15680
An issue exists in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent malicious users to obtain cleartext values via a brute-force attack.
Btiteam Xbtit 2.5.4
4.3
CVSSv2
CVE-2018-16361
An issue exists in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.
Btiteam Xbtit 2.5.4
5
CVSSv2
CVE-2018-15681
An issue exists in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully s...
Btiteam Xbtit 2.5.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started