Vendor: FluxBB
By: Chokri Hammedi
CVSS: 4.1 (MEDIUM)
Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: FluxBB
Affected Version From: 1.5
Affected Version To: 40664
Patch Exists: NO
Related CWE: CVE-2025-XXXX (Example)
CPE: a:fluxbb:fluxbb:1.5.11
Metasploit:
Platforms Tested: Windows XP
2025

FluxBB 1.5.11 Stored XSS

By inserting a malicious payload into the description text area while adding a forum in FluxBB 1.5.11, an attacker with access to the admin panel can store a script that executes in the browser of every user who visits the home page (stored XSS).

Mitigation:

To mitigate this vulnerability, implement input validation and output encoding so that scripts cannot be inserted into the application's fields or executed when those fields are displayed.
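The two controls named above, as an added example that is not FluxBB code and is not from the advisory author: an audit that flags stored forum descriptions containing script-capable markup, and output encoding applied at render time. It is written in Python for illustration (in a PHP application such as FluxBB the encoding step corresponds to `htmlspecialchars()`); the function names, tag list and sample rows are assumptions constructed for this example.

```python
import html
from html.parser import HTMLParser

# Elements that load or run active content; a forum description needs none of them.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "form", "meta", "link", "base"}
# URL schemes that can carry script when used in href/src-style attributes.
ACTIVE_SCHEMES = ("javascript:", "vbscript:", "data:")


class ActiveContentFinder(HTMLParser):
    """Collects the reasons a stored HTML fragment could execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Browsers ignore whitespace and control characters inside a scheme.
            compact = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"{name} event handler")
            elif compact.startswith(ACTIVE_SCHEMES):
                self.findings.append(f"{name} uses {compact.split(':')[0]}: URL")


def audit_description(text):
    """Return the findings for one stored description (empty list = inert)."""
    finder = ActiveContentFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def render_description(text):
    """Output encoding: the stored value is emitted as text, never as markup."""
    return html.escape(text, quote=True)


# Constructed sample rows (forum id, description); row 2 is the payload quoted on this page.
ROWS = [(1, "General discussion & help"),
        (2, "<iframe src=javascript:alert(1)>"),
        (3, "<b>Announcements</b>")]

if __name__ == "__main__":
    for forum_id, desc in ROWS:
        print(forum_id, audit_description(desc) or "clean", "->", render_description(desc))
```

The audit is a review aid for data already in the database; encoding at output is the control that stops execution, because it holds even for markup the audit list does not cover.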

Exploit-DB raw data:

# Exploit Title: FluxBB 1.5.11 Stored XSS
# Date: 3/8/2025
# Exploit Author: Chokri Hammedi
# Vendor Homepage: www.fluxbb.org
# Software Link: https://www.softaculous.com/apps/forums/FluxBB
# Version: FluxBB 1.5.11
# Tested on: Windows XP


1. Log in to the admin panel
2. Go to /admin_forums.php
3. Click on "add forum"
4. In the description text area, put this payload:

<iframe src=javascript:alert(1)>

5. Save changes
Now every time users enter the home page, they will see the alert.