← volver
CVE-2024-58292

XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates

CVSS 5.3 MEDIUMEPSS 0.4%CWE-79
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Productos afectados
xmbforum2 · XMB Forum

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/52044https://www.vulncheck.com/advisories/xmb-forum-persistent-cross-site-scripting-via-admin-templateshttps://www.xmbforum2.com/