PT-2018-13137 · Btiteam · Xbtit
Rastating
·
Publicado
2018-09-05
·
Atualizado
2018-11-05
·
CVE-2018-15679
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
BTITeam XBTIT version 2.5.4
Description
An issue was discovered in the search function available at "/index.php?page=forums&action=search", where the
keywords parameter is vulnerable to reflected cross-site scripting.Recommendations
For BTITeam XBTIT version 2.5.4, consider restricting access to the search function or avoiding the use of the
keywords parameter in the affected API endpoint until the issue is resolved.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Xbtit