PT-2025-50746 · Xmb Forum
Chokri Hammedi · Published 2025-12-11 · Updated 2025-12-12
CVE-2024-58292 · CVSS v4.0 5.3 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
XMB Forum version 1.9.12.06
Description
The software contains a persistent (stored) cross-site scripting issue. Authenticated administrators can inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads into footer templates and news ticker fields; the script then executes for every forum user when the affected pages are rendered. The affected endpoints are the template modification pages and the front page settings page. The vulnerable parameters are the content fields of these templates, such as the footer template and the news ticker field.
Recommendations
Apply updates to address the issue. As a temporary workaround, restrict administrator access to the template modification and front page settings pages. Sanitize all user-supplied input before rendering templates to prevent script injection.
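One way to apply the last recommendation to the news ticker field, as an added illustration in PHP (XMB Forum's language) and not code from XMB itself: the stored value is escaped at render time so any markup it carries is displayed literally instead of executed. The function names and the sample value are assumptions made for this example.

```php
<?php
// Added illustration (not XMB Forum code): escape admin-supplied text
// fields at render time so markup stored in them is shown as text.

// Escape a value for insertion into HTML element content or an attribute.
function escape_html(string $value): string
{
    // ENT_QUOTES covers both ' and " so the value is safe inside attributes
    // as well as element content; ENT_SUBSTITUTE avoids returning '' on
    // malformed UTF-8, which would otherwise silently blank the field.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the news ticker as plain text. The field is written by an
// administrator but displayed to every visitor, so it must never be
// emitted as raw markup.
function render_news_ticker(string $ticker): string
{
    return '<div class="ticker">' . escape_html($ticker) . '</div>';
}

// Constructed sample value for the demonstration (hypothetical content).
$sample = 'Maintenance tonight <script>alert(1)</script>';
echo render_news_ticker($sample), PHP_EOL;
```

The footer template is meant to contain markup, so escaping it wholesale is not an option; for that field the practical control is the access restriction the advisory recommends, or an HTML sanitizer with a tag and attribute allow-list.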
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Xmb Forum