Detections
Analytics

CVE-2024-58291

medium

Description

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and executing client-side scripts.

References

https://www.vulncheck.com/advisories/flatboard-authenticated-stored-cross-site-scripting-via-forum-information-field

https://www.exploit-db.com/exploits/52054

https://flatboard.org/support

https://flatboard.org/

Details

Source: Mitre, NVD

Published: 2025-12-11

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Severity: Medium

EPSS

EPSS: 0.00047