Cross-Site Scripting in LayerBB by Topsec Technologies
CVE-2019-13972

6.1MEDIUM

Key Information:

Vendor: Layerbb
Status: Layerbb
Vendor: CVE Published:; 19 July 2019

What is CVE-2019-13972?

LayerBB version 1.1.3 is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts via the pm_title variable in the application/commands/new.php endpoint, posing serious risks to user data and session integrity. This vulnerability highlights the need for rigorous input validation to mitigate such security threats.

References

http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2019
Vulnerability Reserved
Jul 19, 2019

CVE-2019-13972 Data

JSON

Layerbb

What is CVE-2019-13972?

References

CVSS V3.1

Timeline