Description
phpBB version 3.2.7 allows an Administration Control Panel session ID to be stolen by leveraging CSRF in the Remote Avatar feature. The CSRF token hijacking leads to stored XSS.
Remediation
References