Home Tools Exploits & CVE's Carbon Forum 5.9.0 Cross Site Scripting

Carbon Forum 5.9.0 Cross Site Scripting

June 14, 2024

Carbon Forum version 5.9.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Persistent XSS in Carbon Forum 5.9.0 (Stored)
# Date: 06/12/2024
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://www.94cb.com/
# Software Link: https://github.com/lincanbin/Carbon-Forum
# Version: 5.9.0
# Tested on: Windows XP
# CVE: N/A

## Vulnerability Details

A persistent (stored) XSS vulnerability was discovered in Carbon Forum
version 5.9.0. The vulnerability allows an attacker to inject malicious
JavaScript code into the Forum Name field under the admin settings. This
payload is stored on the server and executed in the browser of any user who
visits the forum, leading to potential session hijacking, data theft, and
other malicious activities.

## Steps to Reproduce

1. Login as Admin: Access the Carbon Forum with admin privileges.
2. Navigate to Settings: Go to the '/dashboard' and select the Basic
section.
3. Enter Payload : Input the following payload in the Forum Name field:

    <script>alert('XSS');</script>

4. Save Settings: Save the changes.
5. The xss payload will triggers

Carbon Forum 5.9.0 Cross Site Scripting

LEAVE A REPLY Cancel reply

Follow us on Instagram @thecyberpost

EDITOR PICKS

Rejetto HTTP File Server (HFS) Unauthenticated Remote Code Execution

Telerik Report Server Authentication Bypass / Remote Code Execution

PHP Remote Code Execution

POPULAR POSTS

Oracle Database Password Hash Unauthorized Access

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

POPULAR CATEGORY

Employee Performance Evaluation System 1.0 SQL Injection

Transposh WordPress Translation 1.0.7 Incorrect Authorization

Hospital Management System 1.0 SQL Injection