Note: This list may be incomplete. Data is provided without warranty in its original format.
9.8
CVE-2018-15681
- EPSS 0.21%
- Published 05.09.2018 21:29:01
- Last modified 21.11.2024 03:51:15
An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to the weak and predictable salt that is in place, an...
8.8
CVE-2018-15682
- EPSS 0.26%
- Published 05.09.2018 21:29:01
- Last modified 21.11.2024 03:51:16
An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a fo...
6.1
CVE-2018-15683
- EPSS 0.2%
- Published 05.09.2018 21:29:01
- Last modified 21.11.2024 03:51:16
An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected.