关键漏洞信息 漏洞概述 漏洞编号: CVE-2023-5917 CVSS Meta Temp Score: 3.6 当前漏洞利用价格: $0-$5k CTI Interest Score: 0.29 漏洞描述 受影响产品: phpBB up to 3.3.10 漏洞类型: Cross Site Scripting (XSS) 受影响文件: 受影响函数: of the file 受影响组件: Smileys Pack Handler 问题原因: Manipulation of the argument leads to a cross site scripting vulnerability. 用户交互需求: The victim is doing some kind of user interaction. 技术细节 CWE 编号: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) ATT&CK 技术编号: T1059.007 披露日期: 11/02/2023 漏洞定义: phpBB does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. 已知细节: Technical details of the vulnerability are known, but there is no available exploit. 建议措施 升级: Upgrading the affected component is advised. 披露: Advisive available at phpbb.com