Latest Security News about csrf token hijacking

phpBB CSRF Token Hijacking attack exposed

Overview : phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS Affected Product(s) : phpBB version 3.2.7 Vulnerability Details : CVE ID : CVE-2019-13376 When an admin accesses the Administrator Control Panel (ACP) in phpBB, […]