Cross-Site Request Forgery Vulnerability in BTITeam XBTIT Allows Automated Private Message Sending

CVE-2018-15682 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.