2176 matches found
BIT-PHPBB-2020-8226
A vulnerability exists in phpBB v3.2.10 and v3.3.1 which allowed remote image dimensions check to be used to SSRF...
BIT-PHPBB-2023-5917
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...
Cross-site Scripting (XSS)
phpbb/phpbb is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the main function in acpicons.php does not adequately escape the smilies URL and does not prevent the use of a .pak filename, allowing an attacker to inject and execute malicious JavaScript...
GHSA-GMX8-8RFF-QV6Q phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pack leads to cross site scripting. The attack may be...
phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pack leads to cross site scripting. The attack may be...
CVE-2023-5917
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...
CVE-2023-5917
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...
CVE-2023-5917
CVE-2023-5917 affects phpBB up to version 3.3.10, specifically the Smiley Pack Handler in phpBB/includes/acp/acp_icons.php. The issue arises from improper handling of the pak argument in the main() function, leading to cross-site scripting (XSS). The vulnerability can be exploited remotely. A fix...
CVE-2023-5917 phpBB Smiley Pack acp_icons.php main cross site scripting
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...
CVE-2023-5917 phpBB Smiley Pack acp_icons.php main cross site scripting
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acpicons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be...
PT-2023-32416 · Phpbb · Phpbb
Name of the Vulnerable Software and Affected Versions: phpBB versions up to 3.3.10 Description: A problematic issue has been found in phpBB, affecting the function main of the file phpBB/includes/acp/acp icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to...
phpBB: Authenticated path traversal to Stored XSS and Denial-of-Service
An authenticated path traversal vulnerability was discovered that could allow an attacker to cause a denial-of-service by reading files from restricted directories. This vulnerability also enabled an attacker to determine which files existed on the server. Additionally, a stored cross-site...
phpbb-italia.it Cross Site Scripting vulnerability OBB-3651523
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
phpBB Server-Side Request Forgery Vulnerability
A vulnerability exists in phpBB v3.2.10 and v3.3.1 which allowed remote image dimensions check to be used to SSRF...
GHSA-JHM9-H84H-RW83 phpBB Server-Side Request Forgery Vulnerability
A vulnerability exists in phpBB v3.2.10 and v3.3.1 which allowed remote image dimensions check to be used to SSRF...
phpBB arbitrary CSS injection
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...
GHSA-8HC2-HVRC-X4QR phpBB arbitrary CSS injection
phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...
phpBB Cross-Site Request Forgery (CSRF)
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...
GHSA-WG24-9XM9-593V phpBB Cross-Site Request Forgery (CSRF)
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...