Arbitrary CSS Injection in phpBB Forums
CVE-2019-16108

7.5HIGH

Key Information:

Vendor: PHPbb
Status: PHPbb
Vendor: CVE Published:; 20 March 2020

What is CVE-2019-16108?

phpBB version 3.2.7 is vulnerable to an arbitrary Cascading Style Sheets (CSS) injection attack, where an attacker can manipulate website layouts and potentially execute malicious designs via BBCode. This vulnerability allows for the inclusion of unauthorized CSS token sequences, which could lead to visual manipulation or other security concerns for users interacting with affected pages.

References

https://www.phpbb.com/community/viewtopic.php?t=2523271

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Sep 8, 2019

CVE-2019-16108 Data

JSON

PHPbb

What is CVE-2019-16108?

References

CVSS V3.1

Timeline