Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
btiteam xbtit 2.5.4 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-16361
An issue exists in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.
Btiteam Xbtit 2.5.4
4.3
CVSSv2
CVE-2018-15677
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
Btiteam Xbtit 2.5.4
4.3
CVSSv2
CVE-2018-15678
An issue exists in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
Btiteam Xbtit 2.5.4
4.3
CVSSv2
CVE-2018-15679
An issue exists in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.
Btiteam Xbtit 2.5.4
5
CVSSv2
CVE-2018-15680
An issue exists in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent malicious users to obtain cleartext values via a brute-force attack.
Btiteam Xbtit 2.5.4
5
CVSSv2
CVE-2018-15681
An issue exists in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an attacker who successfully s...
Btiteam Xbtit 2.5.4
5.8
CVSSv2
CVE-2018-17870
An issue exists in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.
Btiteam Xbtit 2.54
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started