CVE-2023-5917

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 2, 2023

Updated: May 17, 2024

CWE ID 79

Summary

CVE-2023-5917 is a recently identified vulnerability affecting phpBB versions up to 3.3.10. This issue lies in the function main of the file phpBB/includes/acp/acp_icons.php in the Smiley Pack Handler component. By manipulating the argument "pak", an attacker can execute cross-site scripting (XSS) attacks remotely. Upgrading to phpBB version 3.3.11 is the recommended solution, which includes the patch with the identifier ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is strongly advised to apply this update as soon as possible to mitigate the associated risk. (VDB-244307)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

phpBB

Affected Vendors

PhpBB

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tPb5C1
https://www.cve.org/CVERecord?id=CVE-2023-5917
https://nvd.nist.gov/vuln/detail/CVE-2023-5917

Back to Vulnerability Database