Vulmon
btiteam xbtit vulnerabilities and exploits
5
CVSSv2
CVE-2018-15676
An issue exists in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints.
Btiteam Xbtit
5
CVSSv2
CVE-2018-15684
An issue exists in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data.
Btiteam Xbtit
5.8
CVSSv2
CVE-2018-15683
An issue exists in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected.
Btiteam Xbtit
6.8
CVSSv2
CVE-2018-15682
An issue exists in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.
Btiteam Xbtit
4.3
CVSSv2
CVE-2021-45822
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable of executing malicious...
Btiteam Xbtit 3.1
4.3
CVSSv2
CVE-2018-16361
An issue exists in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.
Btiteam Xbtit 2.5.4
6.5
CVSSv2
CVE-2021-45821
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulne...
Btiteam Xbtit 3.1
4.3
CVSSv2
CVE-2018-15678
An issue exists in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
Btiteam Xbtit 2.5.4
5
CVSSv2
CVE-2018-15680
An issue exists in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent malicious users to obtain cleartext values via a brute-force attack.
Btiteam Xbtit 2.5.4
5.8
CVSSv2
CVE-2018-17870
An issue exists in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.
Btiteam Xbtit 2.54