CVE-2019-13376

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-13376

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13376.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-13376

Aliases

GHSA-6mh2-98gr-wv76

Related

Published

2019-09-27T13:15:10Z

Modified

2024-09-03T02:25:14.153329Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

References

Affected packages

Git / github.com/phpbb/phpbb

Affected ranges

Type: GIT
Repo: https://github.com/phpbb/phpbb
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

07767ab3e65377654286f4b16c4319e53fa86f04

Affected versions

release-3.*

release-3.0-B1

release-3.0-B2

release-3.0-B3

release-3.0-B4

release-3.0-B5

release-3.0-RC1

release-3.0-RC2

release-3.0-RC3

release-3.0-RC4

release-3.0-RC5

release-3.0-RC6

release-3.0-RC7

release-3.0-RC8

release-3.0.0

release-3.0.1

release-3.0.1-RC1

release-3.0.10

release-3.0.10-RC1

release-3.0.10-RC2

release-3.0.10-RC3

release-3.0.11-RC1

release-3.0.11-RC2

release-3.0.12-RC1

release-3.0.12-RC2

release-3.0.12-RC3

release-3.0.13-PL1

release-3.0.13-RC1

release-3.0.14

release-3.0.14-RC1

release-3.0.2

release-3.0.2-RC1

release-3.0.2-RC2

release-3.0.3

release-3.0.3-RC1

release-3.0.4

release-3.0.4-RC1

release-3.0.5

release-3.0.5-RC1

release-3.0.6

release-3.0.6-RC1

release-3.0.6-RC2

release-3.0.6-RC3

release-3.0.6-RC4

release-3.0.7

release-3.0.7-PL1

release-3.0.7-RC1

release-3.0.7-RC2

release-3.0.8

release-3.0.8-RC1

release-3.0.9

release-3.0.9-RC1

release-3.0.9-RC2

release-3.0.9-RC3

release-3.0.9-RC4

release-3.1.0

release-3.1.0-RC1

release-3.1.0-RC2

release-3.1.0-RC3

release-3.1.0-RC4

release-3.1.0-RC5

release-3.1.0-RC6

release-3.1.0-a1

release-3.1.0-a2

release-3.1.0-a3

release-3.1.0-b1

release-3.1.0-b2

release-3.1.0-b3

release-3.1.0-b4

release-3.1.1

release-3.1.10

release-3.1.10-RC1

release-3.1.11

release-3.1.11-RC1

release-3.1.12

release-3.1.2

release-3.1.2-RC1

release-3.1.3

release-3.1.3-RC1

release-3.1.3-RC2

release-3.1.4

release-3.1.4-RC1

release-3.1.4-RC2

release-3.1.5

release-3.1.5-RC1

release-3.1.6

release-3.1.6-RC1

release-3.1.7

release-3.1.7-RC1

release-3.1.7-pl1

release-3.1.8

release-3.1.8-RC1

release-3.1.9

release-3.1.9-RC1

release-3.2.0

release-3.2.0-RC1

release-3.2.0-RC2

release-3.2.0-a1

release-3.2.0-b2

release-3.2.1

release-3.2.1-RC1

release-3.2.2

release-3.2.2-RC1

release-3.2.3

release-3.2.3-RC1

release-3.2.3-RC2

release-3.2.4

release-3.2.4-RC1

release-3.2.5

release-3.2.5-RC1

release-3.2.6

release-3.2.6-RC1

release-3.2.7

release-3.2.7-RC1