CVE-2019-13376

Опубликовано: 27 сент. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

Ссылки

https://blog.phpbb.com/category/security/
Exploit
Vendor Advisory
https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
Exploit
Third Party Advisory
https://blog.phpbb.com/category/security/
Exploit
Vendor Advisory
https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpbb:phpbb:3.2.7:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00057

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-13376

CVSS3: 6.5

ubuntu

больше 6 лет назад

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

CVE-2019-13376

CVSS3: 6.5

debian

больше 6 лет назад

phpBB version 3.2.7 allows the stealing of an Administration Control P ...

GHSA-6mh2-98gr-wv76

CVSS3: 6.5

github

больше 3 лет назад

phpBB Cross-Site Request Forgery (CSRF)

EPSS

Процентиль: 18%

0.00057

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79