CVE-2023-5917 – phpBB Smiley Pack acp_icons.php main cross site scripting
https://notcve.org/view.php?id=CVE-2023-5917
A vulnerability, classified as problematic, has been found in phpBB up to 3.3.10. It affects the function main of the file phpBB/includes/acp/acp_icons.php in the Smiley Pack Handler component. Manipulation of the argument pak leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 addresses this issue.
References:
https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aac
https://github.com/phpbb/phpbb/releases/tag/release-3.3.11
https://vuldb.com/?ctiid.244307
https://vuldb.com/?id.244307
https://www.phpbb.com
https://www.phpbb.com/community/viewtopic.php?t=2646991
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-8226
https://notcve.org/view.php?id=CVE-2020-8226
A vulnerability exists in phpBB before v3.2.10 and before v3.3.1 that allowed the remote image dimension check to be used for SSRF.
References:
https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631
https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636
Weaknesses: CWE-610: Externally Controlled Reference to a Resource in Another Sphere; CWE-918: Server-Side Request Forgery (SSRF)
CVE-2019-16108
https://notcve.org/view.php?id=CVE-2019-16108
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode.
References:
https://www.phpbb.com/community/viewtopic.php?t=2523271
Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2019-16107
https://notcve.org/view.php?id=CVE-2019-16107
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments.
References:
https://www.phpbb.com/community/viewforum.php?f=14
https://www.phpbb.com/community/viewtopic.php?t=2523271
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-5502
https://notcve.org/view.php?id=CVE-2020-5502
phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.
References:
https://blog.phpbb.com/category/security
https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)