CVE-2024-58344

MEDIUM

Carbon Forum 5.9.0 Persistent XSS via Forum Name Field

Title source: cna

Description

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.

Exploits (1)

exploitdb WRITEUP

by Chokri Hammedi · textwebappsphp

https://www.exploit-db.com/exploits/52043

View Code ZIP pw:eip

References (4)

[Exploit] https://www.exploit-db.com/exploits/52043

[Product] https://www.94cb.com/

[Product] https://github.com/lincanbin/Carbon-Forum

[Third Party Advisory] https://www.vulncheck.com/advisories/carbon-forum-persistent-xss-via-forum-name-field

Scores

CVSS v3 6.4

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

94Cb/Carbon Forum 5.9.0

Published Apr 22, 2026

Tracked Since Apr 22, 2026