CVE-2019-13376

2019-09-27T13:15:00
ID CVE-2019-13376
Type cve
Reporter cve@mitre.org
Modified 2019-09-27T20:52:00

Description

phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS