← Back to CVE List
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt