CVE-2021-36905 Multiple Auth

1) Stored XSS in Admin menu. The admin menu is vulnerable to stored XSS. A user who can manipulate the admin menu can execute XSS attacks.
2) Stored XSS in Question Formats. The question formats are vulnerable to stored XSS. A user who can manipulate the question formats can execute XSS attacks.
3) User Permissions. There is no need to give admin permissions to a user who is not responsible for quiz creation.

Stored XSS in Admin Menu

Stored XSS can be induced in the admin menu. A user who can manipulate the admin menu can execute XSS attacks.
If a user is able to create a quiz that is stored on the web server and also has access to the admin menu, that user will be able to execute an XSS attack. This stored XSS vulnerability affects all versions of PHPBB.
