CVE-2024-58292

UNKNOWN 0.0

XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.

CWE	CWE-79
Vendor	xmbforum2
Product	xmb forum
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for xmbforum2 xmb forum

Be the first to know when new unknown vulnerabilities affecting xmbforum2 xmb forum are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

xmbforum2 / XMB Forum

1.9.12.06

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52044 xmbforum2.com: https://www.xmbforum2.com/ vulncheck.com: https://www.vulncheck.com/advisories/xmb-forum-persistent-cross-site-scripting-via-admin-templates

Credits

Chokri Hammedi