phpbb 3.0.x-3.0.6 has an XSS vulnerability

Overview :
some issues found in phpbb 3.0.x-3.0.6 with an XSS vulnerability.
Affected Product(s) :
  • phpbb 3.0.x-3.0.6
Vulnerability Details :
CVE ID : CVE-2019-12419
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

Solution :

Source Package Release Version Status
phpbb3 (PTS) jessie 3.0.12-5+deb8u1 fixed
jessie (security) 3.0.12-5+deb8u4 fixed
Package Type Release Fixed Version Urgency Origin Debian Bugs
phpbb3 source (unstable) 3.0.7-PL1-5 low 612477

Common Vulnerabilityies and Exposures

Internet Download Manager 6.37.11.1 Export/Import stack-based overflow

A vulnerability, which was classified as critical, was found in Internet Download Manager 6.37.11.1. This affects an unknown code block of the component Export/Import. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Passcovery ZIP Password Recovery 3.70.69.0 Decompression buffer overflow

A vulnerability classified as critical was found in Passcovery ZIP Password Recovery 3.70.69.0. Affected by this vulnerability is an unknown part of the component Decompression. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Portable Playable 9.18 JPEG File filename unrestricted upload

A vulnerability, which was classified as critical, has been found in Portable Playable 9.18. Affected by this issue is an unknown code of the component JPEG File Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.