CVE-2024-58344 MEDIUM

CVE-2024-58344: Carbon Forum 5.9.0 Persistent XSS via Forum Name Field

Vendor 94Cb

Product Carbon Forum

Weakness CWE-79 · XSS

Published April 22, 2026

Last update May 24, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.

Key dates

02Disclosure timeline

April 22, 2026 CVE published

May 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-58344

Related vulnerabilities

04Related CVE

CVE-2025-30776 WordPress Sitekit plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability CVE-2023-44089 XSS in Visual Console CVE-2025-47504 WordPress Custom Checkout Fields for WooCommerce plugin <= 1.8.3 - Cross Site Scripting (XSS) Vulnerability CVE-2025-0371 Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets CVE-2025-14202 Cross-Site Request Forgery (CSRF) Leading to Account Takeover via SVG File Upload