CVE-2024-58291 - Vulnerability Details

Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and executing client-side scripts.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Flatboard	Flatboard

No data.

References

Link	Providers
https://flatboard.org/
https://flatboard.org/support
https://www.exploit-db.com/exploits/52054
https://www.vulncheck.com/advisories/flatboard-authenticated-stored-cross-site-scripting-via-forum-information-field

History

Fri, 12 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Flatboard Flatboard flatboard
Vendors & Products		Flatboard Flatboard flatboard

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and executing client-side scripts.
Title		Flatboard 3.2 Authenticated Stored Cross-Site Scripting via Forum Information Field
Weaknesses		CWE-79
References		https://flatboard.org/ https://flatboard.org/support https://www.exploit-db.com/exploits/52054 https://www.vulncheck.com/advisories/flatboard-authenticated-stored-cross-site-scripting-via-forum-information-field
Metrics		cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-11T21:35:12.229Z

Updated: 2025-12-11T21:35:12.229Z

Reserved: 2025-12-10T23:46:14.009Z

Link: CVE-2024-58291

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-11T22:15:49.947

Modified: 2025-12-11T22:15:49.947

Link: CVE-2024-58291

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object