CVE-2024-58291

MEDIUM

Flatboard 3.2 - Authenticated Stored Cross-Site Scripting via Forum Information Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58291. PoCs published by tmrswrr.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Flatboard 3.2, where an authenticated attacker can inject malicious JavaScript via the 'Information' field when creating a forum. The payload executes when the forum is viewed, stealing cookies via a confirmation dialog.

Description

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and executing client-side scripts.

Exploits (1)

exploitdb WORKING POC

by tmrswrr · textwebappsphp

https://www.exploit-db.com/exploits/52054

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Flatboard 3.2, where an authenticated attacker can inject malicious JavaScript via the 'Information' field when creating a forum. The payload executes when the forum is viewed, stealing cookies via a confirmation dialog.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Flatboard 3.2

Auth required

Prerequisites: Authenticated access to the admin panel · Ability to create a forum

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/52054

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/flatboard-authenticated-stored-cross-site-scripting-via-forum-information-field

Various Sources product

https://flatboard.org/

Various Sources government-resource

https://flatboard.org/support

Scores

CVSS v4 5.3

EPSS 0.0006

EPSS Percentile 19.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Flatboard/Flatboard 3.2

Published Dec 11, 2025

Tracked Since Feb 18, 2026