Search criteria
2 vulnerabilities by xmbforum2
CVE-2024-58292 (GCVE-0-2024-58292)
Vulnerability from cvelistv5 – Published: 2025-12-11 21:35 – Updated: 2026-04-07 14:08
VLAI
Title
XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates
Summary
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/52044 | exploit |
| https://www.xmbforum2.com/ | product |
| https://www.vulncheck.com/advisories/xmb-forum-pe… | third-party-advisory |
Date Public
2024-06-14 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58292",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T20:34:14.793458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T20:34:29.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XMB Forum",
"vendor": "xmbforum2",
"versions": [
{
"status": "affected",
"version": "1.9.12.06"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chokri Hammedi"
}
],
"datePublic": "2024-06-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eXMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.\u003c/p\u003e"
}
],
"value": "XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:08:40.863Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-52044",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/52044"
},
{
"name": "XMB Forum Homepage",
"tags": [
"product"
],
"url": "https://www.xmbforum2.com/"
},
{
"name": "VulnCheck Advisory: XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/xmb-forum-persistent-cross-site-scripting-via-admin-templates"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58292",
"datePublished": "2025-12-11T21:35:30.698Z",
"dateReserved": "2025-12-11T00:58:28.456Z",
"dateUpdated": "2026-04-07T14:08:40.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-29399 (GCVE-0-2021-29399)
Vulnerability from cvelistv5 – Published: 2021-04-19 11:00 – Updated: 2024-08-03 22:02
VLAI
Summary
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.xmbforum2.com/ | x_refsource_MISC |
| https://docs.xmbforum2.com/index.php?title=Securi… | x_refsource_MISC |
| https://forums.xmbforum2.com/viewthread.php?tid=777105 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:02:51.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.xmbforum2.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forums.xmbforum2.com/viewthread.php?tid=777105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-19T11:00:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.xmbforum2.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forums.xmbforum2.com/viewthread.php?tid=777105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-29399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.xmbforum2.com/",
"refsource": "MISC",
"url": "https://www.xmbforum2.com/"
},
{
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"refsource": "MISC",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
},
{
"name": "https://forums.xmbforum2.com/viewthread.php?tid=777105",
"refsource": "MISC",
"url": "https://forums.xmbforum2.com/viewthread.php?tid=777105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-29399",
"datePublished": "2021-04-19T11:00:27.000Z",
"dateReserved": "2021-03-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:02:51.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}