CVE-2024-58292

Vulnerability Description

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.

Related Weaknesses (CWE)

CWE-79

References

https://www.exploit-db.com/exploits/52044
https://www.vulncheck.com/advisories/xmb-forum-persistent-cross-site-scripting-v
https://www.xmbforum2.com/

FAQ

What is CVE-2024-58292?

CVE-2024-58292 is a documented vulnerability. XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers c...

How severe is CVE-2024-58292?

CVSS scoring is not yet available for CVE-2024-58292. Check NVD for updates.

Is there a patch for CVE-2024-58292?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.