CVE-2019-13376
CVE-2019-13376 affects phpBB version 3.2.7. The vulnerability arises from CSRF in the Remote Avatar feature, enabling token hijacking that can steal an Administration Control Panel session ID and leads to stored XSS. The connected documents corroborate the affected component and the root cause (C...