Security
Headlines
HeadlinesLatestCVEs

Headline

Carbon Forum 5.9.0 Cross Site Scripting

Carbon Forum version 5.9.0 suffers from a persistent cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#windows#git#java#auth
# Exploit Title: Persistent XSS in Carbon Forum 5.9.0 (Stored)# Date: 06/12/2024# Exploit Author: Chokri Hammedi# Vendor Homepage: https://www.94cb.com/# Software Link: https://github.com/lincanbin/Carbon-Forum# Version: 5.9.0# Tested on: Windows XP# CVE: N/A## Vulnerability DetailsA persistent (stored) XSS vulnerability was discovered in Carbon Forumversion 5.9.0. The vulnerability allows an attacker to inject maliciousJavaScript code into the Forum Name field under the admin settings. Thispayload is stored on the server and executed in the browser of any user whovisits the forum, leading to potential session hijacking, data theft, andother malicious activities.## Steps to Reproduce1. Login as Admin: Access the Carbon Forum with admin privileges.2. Navigate to Settings: Go to the '/dashboard' and select the Basicsection.3. Enter Payload : Input the following payload in the Forum Name field:    <script>alert('XSS');</script>4. Save Settings: Save the changes.5. The xss payload will triggers

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution