Every CVE whose affected-product data names Btiteam Xbtit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2018-15680 — CVSS 9.8 (critical): An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes…
CVE-2018-15681 — CVSS 9.8 (critical): An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in…
CVE-2021-45821 — CVSS 8.8 (high): A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by…
CVE-2018-15682 — CVSS 8.8 (high): An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of…
CVE-2018-15683 — CVSS 6.1 (medium): An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of…
CVE-2018-17870 — CVSS 6.1 (medium): An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a…
CVE-2021-45822 — CVSS 6.1 (medium): A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does…
CVE-2018-15677 — CVSS 6.1 (medium): The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable…
CVE-2018-15678 — CVSS 6.1 (medium): An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable…
CVE-2018-15679 — CVSS 6.1 (medium): An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=s…
CVE-2018-15684 — CVSS 5.3 (medium): An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names…
CVE-2018-15676 — CVSS 5.3 (medium): An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php…