CVE-2024-58291

MEDIUM

Flatboard 3.2 - XSS

Title source: llm

Description

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and executing client-side scripts.

Exploits (1)

exploitdb WORKING POC

by tmrswrr · textwebappsphp

https://www.exploit-db.com/exploits/52054

View Code ZIP pw:eip

References (4)

[Various Sources] https://flatboard.org/

[Various Sources] https://flatboard.org/support

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/52054

[Third Party Advisory] https://www.vulncheck.com/advisories/flatboard-authenticated-stored-cross-site-scripting-via-forum-information-field

Scores

CVSS v4 5.3

EPSS 0.0009

EPSS Percentile 25.6%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Details

CWE

CWE-79

Status published

Products (1)

Flatboard/Flatboard 3.2

Published Dec 11, 2025

Tracked Since Feb 18, 2026