Nov 02, 2023 - 11:15 a.m.

CVE-2023-5917

2023-11-02 11:15:14
CWE-79
web.nvd.nist.gov
Tags: cve-2023-5917, phpbb, vulnerability, cross site scripting, smiley pack handler, remote, upgrade

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.8 Medium
Confidence: Low

CVSS2: 3.3 Low

Access Vector: NETWORK
Access Complexity: LOW
Authentication: MULTIPLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 39.7%

A vulnerability classified as problematic has been found in phpBB up to 3.3.10. It affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. Manipulation of the argument pak leads to cross-site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 addresses this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| phpbb_group | phpbb | 3.3.0 | cpe:2.3:a:phpbb_group:phpbb:3.3.0:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.1 | cpe:2.3:a:phpbb_group:phpbb:3.3.1:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.2 | cpe:2.3:a:phpbb_group:phpbb:3.3.2:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.3 | cpe:2.3:a:phpbb_group:phpbb:3.3.3:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.4 | cpe:2.3:a:phpbb_group:phpbb:3.3.4:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.5 | cpe:2.3:a:phpbb_group:phpbb:3.3.5:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.6 | cpe:2.3:a:phpbb_group:phpbb:3.3.6:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.7 | cpe:2.3:a:phpbb_group:phpbb:3.3.7:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.8 | cpe:2.3:a:phpbb_group:phpbb:3.3.8:*:*:*:*:*:*:* |
| phpbb_group | phpbb | 3.3.9 | cpe:2.3:a:phpbb_group:phpbb:3.3.9:*:*:*:*:*:*:* |
