PT-2018-14237 · Btiteam · Xbtit
Published: 2018-10-01 · Updated: 2019-01-08 · CVE-2018-17870
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
BTITeam XBTIT version 2.5.4
Description
An issue was discovered in the software, where the returnto parameter of the "account change.php" endpoint is vulnerable to an open redirect.
Recommendations
For version 2.5.4, avoid using the returnto parameter in the "account change.php" endpoint until the issue is resolved.
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Xbtit