CVE-2023-5917
Summary
A cross-site scripting (XSS) vulnerability has been identified in the Smiley Pack Handler component of phpBB versions up to 3.3.10. The flaw is in the acp_icons.php file and can be exploited remotely by manipulating the 'pak' argument. A patch is available in version 3.3.11.
IFF Assessment
FOE
This vulnerability allows remote execution of attacker-supplied script via cross-site scripting, posing a direct threat to users and administrators of affected phpBB installations.
Severity
2.4 (Low)
Defender Context
This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or further exploitation. Defenders should prioritize patching phpBB installations to the latest version (3.3.11) to mitigate this risk.