Arbitrary CSS Injection in phpBB Forums
CVE-2019-16108

7.5HIGH

Key Information:

Vendor: PHPbb
Status: PHPbb
Vendor: CVE Published:; 20 March 2020

What is CVE-2019-16108?

phpBB version 3.2.7 is vulnerable to an arbitrary Cascading Style Sheets (CSS) injection attack, where an attacker can manipulate website layouts and potentially execute malicious designs via BBCode. This vulnerability allows for the inclusion of unauthorized CSS token sequences, which could lead to visual manipulation or other security concerns for users interacting with affected pages.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.phpbb.com/community/viewtopic.php?t=2523271

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Sep 8, 2019

JSON

PHPbb

What is CVE-2019-16108?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.