CVE-2019-13376

Опубликовано: 27 сент. 2019

Источник: debian

EPSS Низкий

Описание

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
phpbb3	removed			package

Примечания

https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
fixed in 3.2.8 as 'SECURITY-246'
https://github.com/phpbb/phpbb/commit/cdf4f5ef85f05c0f94eae1a9edb1c28d4ac3515f
follow-up to incomplete fix for CVE-2019-16993

EPSS

Процентиль: 18%

0.00057

Низкий

Связанные уязвимости

CVE-2019-13376

CVSS3: 6.5

ubuntu

больше 6 лет назад

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

CVE-2019-13376

CVSS3: 6.5

nvd

больше 6 лет назад

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

GHSA-6mh2-98gr-wv76

CVSS3: 6.5

github

больше 3 лет назад

phpBB Cross-Site Request Forgery (CSRF)

EPSS

Процентиль: 18%

0.00057

Низкий