Home > Vulnerability Database > CVE-2019-13376

Mend.io Vulnerability Database

CVE-2019-13376

Date: September 27, 2019

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

Severity Score

6.5

Related Resources (6)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13376

Url: https://blog.phpbb.com/category/security/

Url: https://ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-13376

Url: https://security-tracker.debian.org/tracker/CVE-2019-13376

Url: https://www.mend.io/vulnerability-database/CVE-2019-13376

Severity Score

6.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-13376

Date: September 27, 2019

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?