CVE-2024-58292

MEDIUM

XMB Forum 1.9.12.06 - XSS

Description

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.

Exploits (1)

exploitdb WRITEUP
by Chokri Hammedi · text · webapps · php
https://www.exploit-db.com/exploits/52044

Scores

CVSS v4 5.3
EPSS 0.0013
EPSS Percentile 32.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Details

CWE
CWE-79
Status published
Products (1)
xmbforum2/XMB Forum 1.9.12.06
Published Dec 11, 2025
Tracked Since Feb 18, 2026