{"id":"CVE-2019-13972","details":"LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997.","modified":"2026-04-11T21:45:19.997213Z","published":"2019-07-19T07:15:11.200Z","references":[{"type":"EVIDENCE","url":"http://blog.topsec.com.cn/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E5%85%B3%E4%BA%8Elayerbb-1-1-3-xss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/andyrixon/layerbb","events":[{"introduced":"0"},{"last_affected":"d7cfe8afe388183855d27834e21e95ff2972d7b3"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"1.1.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:layerbb:layerbb:1.1.3:*:*:*:*:*:*:*"}}],"versions":["1.0.4","1.0.5","1.0.6","1.1.0","1.1.1","1.1.2","1.1.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-13972.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}