First published: Thu Nov 02 2023(Updated: )
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file `phpBB/includes/acp/acp_icons.php` of the component Smiley Pack Handler. The manipulation of the argument pack leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.
Credit: cna@vuldb.com cna@vuldb.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/phpbb/phpbb | <3.3.11 | 3.3.11 |
Phpbb Phpbb | <3.3.11 | |
<3.3.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-5917.
The severity of CVE-2023-5917 is medium.
The vulnerability affects phpBB up to version 3.3.10.
The CWE of CVE-2023-5917 is CWE-79.
To fix CVE-2023-5917, update phpBB to version 3.3.11 or higher.