1) Stored XSS in Admin menu. There is XSS in the admin menu. If a user can manipulate the admin menu, he can execute XSS attacks.
2) Stored XSS in Question Formats. There is XSS in question formats. If a user can manipulate the question formats, he can execute XSS attacks.
3) User Permissions. There is no need to give admin permissions to a user who is not responsible for quiz creation.

Stored XSS in Admin Menu

Stored XSS can be induced in the admin menu: a user who can manipulate the admin menu can execute XSS attacks. If a user is able to create a quiz that is stored on the web server and also has access to the admin menu, that user will be able to execute an XSS attack. This stored XSS vulnerability affects all versions of PHPBB.

Timeline

Published on: 11/17/2022 23:15:00 UTC
Last modified on: 11/22/2022 14:55:00 UTC
