CSRF Token Hijacking and Stored XSS in phpBB 3.2.7 Remote Avatar Feature
CVE-2019-13376 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
phpBB 3.2.7 allows an attacker to steal an Administration Control Panel (ACP) session id by leveraging a CSRF weakness in the Remote Avatar feature. With the CSRF token hijacked, the attacker can submit the avatar form on the administrator's behalf, which leads to stored XSS. The CVSS vector reflects this: no privileges are required, but the attack needs user interaction (an authenticated administrator must visit attacker-controlled content), and the impact is to integrity rather than confidentiality or availability.
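The advisory states only the outcome (a CSRF weakness in the remote-avatar form lets an attacker obtain an ACP session id and plant stored XSS), not the exact request sequence. The constructed Python example below is added here and is not phpBB code; it models a remote-avatar form handler with and without the two controls a reviewer would look for in such a feature: a form token bound to the session id (so a token obtained for one session cannot be replayed against another) and validation plus HTML escaping of the stored URL. The class and function names, `SERVER_SECRET`, `FORM_NAME`, the field name `avatar_remote_url` and the example hosts are all assumptions.

```python
"""Constructed example, not phpBB's own code: a remote-avatar form handler
with and without CSRF-token and stored-XSS protections."""
import hashlib
import hmac
import html
from dataclasses import dataclass
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Assumption: a per-installation secret that never leaves the server.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
FORM_NAME = "remote_avatar"  # assumed form name used to scope the token


@dataclass
class Session:
    """Minimal stand-in for an authenticated (e.g. ACP) session."""
    sid: str
    avatar_url: str = ""


def csrf_token(session: Session, form_name: str = FORM_NAME) -> str:
    """Form token bound to the session id and to the form it protects.

    Without SERVER_SECRET an attacker cannot mint one, and a token issued for
    the attacker's own session does not validate for the victim's session.
    """
    msg = f"{session.sid}:{form_name}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def valid_avatar_url(url: str) -> bool:
    """Accept only absolute http(s) URLs with a host. Rejects javascript:,
    data: and scheme-relative values that a browser would still follow."""
    parts = urlsplit(url.strip())
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def set_avatar_vulnerable(session: Session, form: Dict[str, str]) -> Tuple[bool, str]:
    """No token check and no URL validation: a cross-site POST riding on the
    victim's cookie is honoured and whatever it carries is stored."""
    session.avatar_url = form.get("avatar_remote_url", "")
    return True, "stored"


def set_avatar_hardened(session: Session, form: Dict[str, str]) -> Tuple[bool, str]:
    """Refuse the request unless it carries a token minted for this session,
    compared in constant time, then refuse URLs that are not plain http(s)."""
    supplied = form.get("form_token", "")
    if not hmac.compare_digest(supplied.encode(), csrf_token(session).encode()):
        return False, "invalid form token"
    url = form.get("avatar_remote_url", "")
    if not valid_avatar_url(url):
        return False, "avatar URL must be an absolute http(s) URL"
    session.avatar_url = url
    return True, "stored"


def render_avatar_vulnerable(session: Session) -> str:
    """Interpolates the stored value unescaped: a URL containing a double
    quote closes the attribute and the rest is injected as markup."""
    return f'<img src="{session.avatar_url}" alt="avatar">'


def render_avatar_hardened(session: Session) -> str:
    """HTML-escapes the attribute value so a stored payload stays inert."""
    return f'<img src="{html.escape(session.avatar_url, quote=True)}" alt="avatar">'


if __name__ == "__main__":
    victim = Session(sid="victim-acp-sid")
    attacker = Session(sid="attacker-sid")
    # Constructed cross-site submission: the only token the attacker can obtain
    # is one for their own session, and the URL breaks out of the src attribute.
    forged = {
        "form_token": csrf_token(attacker),
        "avatar_remote_url": 'http://attacker.example/a.png"><script>alert(1)</script>',
    }
    set_avatar_vulnerable(victim, forged)
    print("vulnerable render:", render_avatar_vulnerable(victim))
    print("hardened escape:  ", render_avatar_hardened(victim))
    print("hardened handler: ", set_avatar_hardened(Session("victim-acp-sid"), forged))
```

The point of binding the token to the session id rather than using a single site-wide value is that a token an attacker legitimately obtains for their own account is useless against an administrator's ACP session; the output escaping is independent of that check and is what keeps a malicious URL inert even if it is ever stored.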