6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.3%
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
blog.phpbb.com/category/security/
ssd-disclosure.com/archives/4007/ssd-advisory-phpbb-csrf-token-hijacking-leading-to-stored-xss