Latest Security News about phpbb version 3 2 7

phpbb 3.0.x-3.0.6 has an XSS vulnerability

Overview : some issues found in phpbb 3.0.x-3.0.6 with an XSS vulnerability. Affected Product(s) : phpbb 3.0.x-3.0.6 Vulnerability Details : CVE ID : CVE-2019-12419 phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. Solution : Source Package Release Version Status phpbb3 (PTS) jessie 3.0.12-5+deb8u1 fixed jessie (security) 3.0.12-5+deb8u4 fixed Package Type Release Fixed […]

phpBB CSRF Token Hijacking attack exposed

Overview : phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS Affected Product(s) : phpBB version 3.2.7 Vulnerability Details : CVE ID : CVE-2019-13376 When an admin accesses the Administrator Control Panel (ACP) in phpBB, […]