CVE-2024-58292

MEDIUM

XMB Forum 1.9.12.06 - Authenticated Stored Cross-Site Scripting via Admin Templates


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58292. PoCs published by Chokri Hammedi.

AI-analyzed exploit summary: This is a writeup detailing a persistent XSS vulnerability in XMB 1.9.12.06, where an attacker can inject malicious JavaScript into templates or the News Ticker field. The payload is stored server-side and executed in the context of any user visiting the affected pages.

Description

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.

Exploits (1)

exploitdb WRITEUP
by Chokri Hammedi · text · webapps · php
https://www.exploit-db.com/exploits/52044


Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: XMB 1.9.12.06
Auth required
Prerequisites: Admin access to the XMB forum
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory (exploit): https://www.exploit-db.com/exploits/52044
Various Sources (product): https://www.xmbforum2.com/

Scores

CVSS v4 5.3
EPSS 0.0008
EPSS Percentile 23.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
xmbforum2/XMB Forum 1.9.12.06
Published Dec 11, 2025
Tracked Since Feb 18, 2026