CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5917 – phpBB Smiley Pack acp_icons.php main cross site scripting
https://notcve.org/view.php?id=CVE-2023-5917
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. • https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aac https://github.com/phpbb/phpbb/releases/tag/release-3.3.11 https://vuldb.com/?ctiid.244307 https://vuldb.com/?id.244307 https://www.phpbb.com https://www.phpbb.com/community/viewtopic.php?t=2646991 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8226
https://notcve.org/view.php?id=CVE-2020-8226
A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF. Se presenta una vulnerabilidad en phpBB versiones anteriores a v3.2.10 y versiones anteriores a v3.3.1, que permitió que la comprobación de las dimensiones de una imagen remota sea usada en un SSRF. • https://www.phpbb.com/community/viewtopic.php?f=14&t=2562631 https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16108
https://notcve.org/view.php?id=CVE-2019-16108
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets (CSS) token sequence to a page through BBCode. phpBB versión 3.2.7, permite agregar una secuencia de token arbitrario Cascading Style Sheets (CSS) a una página por medio de BBCode. • https://www.phpbb.com/community/viewtopic.php?t=2523271 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16107
https://notcve.org/view.php?id=CVE-2019-16107
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments. Una falta de comprobación de tokens del formulario en phpBB versión 3.2.7, permite un ataque de tipo CSRF en una eliminación de archivos adjuntos de publicaciones. • https://www.phpbb.com/community/viewforum.php?f=14 https://www.phpbb.com/community/viewtopic.php?t=2523271 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-13376
https://notcve.org/view.php?id=CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS phpBB versión 3.2.7, permite el robo de un id de sesión del Panel de Control de Administración mediante el aprovechamiento de una vulnerabilidad de tipo CSRF en la funcionalidad Remote Avatar. El secuestro de tokens CSRF conduce a XSS almacenado • https://blog.phpbb.com/category/security https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •