CVE-2019-13376: Cross-Site Request Forgery (CSRF)

September 27, 2019

phpBB allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS

References

blog.phpbb.com/category/security/
nvd.nist.gov/vuln/detail/CVE-2019-13376

Code Behaviors & Features

Detect and mitigate CVE-2019-13376 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →