Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Btiteam Subscribe
Filtered by product Xbtit

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-15677 1 Btiteam 1 Xbtit 2020-08-24 4.3 MEDIUM 6.1 MEDIUM
The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.
CVE-2018-15676 1 Btiteam 1 Xbtit 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprints.
CVE-2018-17870 1 Btiteam 1 Xbtit 2019-01-08 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.
CVE-2018-15683 1 Btiteam 1 Xbtit 2018-11-06 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected.
CVE-2018-15684 1 Btiteam 1 Xbtit 2018-11-05 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data.
CVE-2018-15679 1 Btiteam 1 Xbtit 2018-11-05 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.
CVE-2018-15678 1 Btiteam 1 Xbtit 2018-11-05 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.
CVE-2018-16361 1 Btiteam 1 Xbtit 2018-10-25 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.