Filtered by vendor Xmbforum2 Subscriptions
Filtered by product Xmb Subscriptions

Search

Switch to Advanced Search (Beta)
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-58292 2 Xmb Forum, Xmbforum2 2 Xmb, Xmb 2025-12-12 N/A
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.
CVE-2021-29399 2 Php, Xmbforum2 2 Php, Xmb 2024-11-21 6.1 Medium
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.