Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown
CVE-2019-13776
Disclosure Date: November 02, 2021 (last updated November 08, 2023)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: some publications have used this number when they meant to use CVE-2019-13376
0
Attacker Value
Unknown
CVE-2019-13376
Disclosure Date: September 27, 2019 (last updated November 27, 2024)
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
0