CVE-2023-5917

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 2, 2023
Updated: May 17, 2024
CWE ID 79

Summary

CVE-2023-5917 is a recently identified vulnerability affecting phpBB versions up to 3.3.10. This issue lies in the function main of the file phpBB/includes/acp/acp_icons.php in the Smiley Pack Handler component. By manipulating the argument "pak", an attacker can execute cross-site scripting (XSS) attacks remotely. Upgrading to phpBB version 3.3.11 is the recommended solution, which includes the patch with the identifier ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is strongly advised to apply this update as soon as possible to mitigate the associated risk. (VDB-244307)

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share