PT-2018-13134 · Btiteam · Xbtit
Rastating
·
Publicado
2018-09-05
·
Atualizado
2019-10-03
·
CVE-2018-15676
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
BTITeam XBTIT (affected versions not specified)
Description
An issue was discovered that allows bypassing the anti-XSS mechanism in includes/crk protection.php. This is achieved by utilizing String.replace and eval, enabling the circumvention of the protection that normally looks for dangerous fingerprints.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Xbtit