CVE-2024-58344

Source
https://cve.org/CVERecord?id=CVE-2024-58344
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58344.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-58344
Published
2026-04-22T14:57:06.069Z
Modified
2026-07-15T01:48:55.792667363Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
Carbon Forum 5.9.0 Persistent XSS via Forum Name Field
Details

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/58xxx/CVE-2024-58344.json"
}
References

Affected packages

Git / github.com/lincanbin/carbon-forum

Affected ranges

Type
GIT
Repo
https://github.com/lincanbin/carbon-forum
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "5.9.0"
        },
        {
            "last_affected": "5.9.0"
        }
    ]
}

Affected versions

5.*
5.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58344.json"