CVE Tools

btiteam

Unclassifiedunknown

11

Cumulative CVEs

2

Monthly snapshots

#37

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting btiteam.

CVE-2021-45822A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter...6.1Mar 16, 2022
CVE-2021-45821A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extr...8.8Mar 16, 2022
CVE-2018-17870An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.6.1Oct 1, 2018
CVE-2018-15684An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitiv...5.3Sep 5, 2018
CVE-2018-15683An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the...6.1Sep 5, 2018
CVE-2018-15682An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticat...8.8Sep 5, 2018
CVE-2018-15681An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due ...9.8Sep 5, 2018
CVE-2018-15680An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obta...9.8Sep 5, 2018
CVE-2018-15679An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.6.1Sep 5, 2018
CVE-2018-15678An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.6.1Sep 5, 2018
CVE-2018-15677The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.6.1Sep 5, 2018
CVE-2018-15676An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerpr...5.3Sep 5, 2018
CVE-2018-16361An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter.6.1Sep 5, 2018
CVE-2007-5986SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.7.5Nov 15, 2007