PT-2023-32416 · Phpbb · Phpbb
Shin24
·
Published
2023-11-02
·
Updated
2024-05-17
·
CVE-2023-5917
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
phpBB versions up to 3.3.10
Description
A problematic issue has been found in phpBB, affecting the function main of the file phpBB/includes/acp/acp icons.php of the component Smiley Pack Handler. The manipulation of the argument
pak leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue.Recommendations
For phpBB versions up to 3.3.10, upgrade to version 3.3.11 to address the issue. As a temporary workaround, consider restricting access to the vulnerable component Smiley Pack Handler until the upgrade is applied. Avoid using the argument
pak in the affected function main until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpbb