Ghostwire

CVE-2024-58344: Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to...

MEDIUM CVSS 5.5

Published: April 22, 2026 | Last Modified: April 22, 2026

Description

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2024-58344
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2024-58344