CVE-2019-13376

{"id": "CVE-2019-13376", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-09-27T13:15:10.383", "references": [{"url": "https://blog.phpbb.com/category/security/", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://blog.phpbb.com/category/security/", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS"}, {"lang": "es", "value": "phpBB versi\u00f3n 3.2.7, permite el robo de un id de sesi\u00f3n del Panel de Control de Administraci\u00f3n mediante el aprovechamiento de una vulnerabilidad de tipo CSRF en la funcionalidad Remote Avatar. El secuestro de tokens CSRF conduce a XSS almacenado"}], "lastModified": "2024-11-21T04:24:49.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpbb:phpbb:3.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAF4385F-3D63-4D4E-94AB-F96F7EED3A35"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}