CVE-2023-5917 — LOW (2.4) — White Hats Nepal

Q: How severe is CVE-2023-5917?

CVE-2023-5917 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5917?

Check the references section above for vendor advisories and patch information. Affected products include: Phpbb Phpbb.

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.

CVSS Score

2.4

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Phpbb	Phpbb	< 3.3.11

Related Weaknesses (CWE)

CWE-79

References

https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aacPatch
https://github.com/phpbb/phpbb/releases/tag/release-3.3.11Release Notes
https://vuldb.com/?ctiid.244307Permissions RequiredVDB Entry
https://vuldb.com/?id.244307Third Party AdvisoryVDB Entry
https://www.phpbb.com/Product
https://www.phpbb.com/community/viewtopic.php?t=2646991Release Notes
https://github.com/phpbb/phpbb/commit/ccf6e6c255d38692d72fcb613b113e6eaa240aacPatch
https://github.com/phpbb/phpbb/releases/tag/release-3.3.11Release Notes
https://vuldb.com/?ctiid.244307Permissions RequiredVDB Entry
https://vuldb.com/?id.244307Third Party AdvisoryVDB Entry
https://www.phpbb.com/Product
https://www.phpbb.com/community/viewtopic.php?t=2646991Release Notes

FAQ

What is CVE-2023-5917?

CVE-2023-5917 is a vulnerability with a CVSS score of 2.4 (LOW). A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pa...

How severe is CVE-2023-5917?

CVE-2023-5917 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5917?

Check the references section above for vendor advisories and patch information. Affected products include: Phpbb Phpbb.