CVE-2004-1965

Open Bulletin Board <= 1.0.6 - Cross-Site Scripting via Multiple Parameters

Exploitation Summary

EIP tracks 5 public exploits for CVE-2004-1965. PoCs published by JeiAr, GulfTech Security. A Nuclei detection template is also available.

AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in OpenBB due to improper input sanitization. It includes a sample XSS payload but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php, (3) TID parameter to post.php, or (4) redirect parameter to index.php.

Exploits (5)

exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/24054

The provided text describes SQL injection and XSS vulnerabilities in OpenBB due to improper input sanitization. It includes a sample XSS payload but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: Sqli | Xss
Complexity: Trivial
Reliability: Theoretical
Target: OpenBB (version not specified)
No auth needed
Prerequisites: Access to a vulnerable OpenBB instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/24053

This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in OpenBB. It provides a high-level overview of the issues but does not include functional exploit code.

Classification: Writeup 90%
Attack Type: Sqli | Xss
Complexity: Trivial
Reliability: Theoretical
Target: OpenBB (version not specified)
No auth needed
Prerequisites: Access to the vulnerable OpenBB instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/24052

This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in OpenBB. It provides details on the issues but does not include functional exploit code.

Classification: Writeup 90%
Attack Type: Sqli | Xss
Complexity: Trivial
Reliability: Theoretical
Target: OpenBB (version not specified)
No auth needed
Prerequisites: Access to the vulnerable OpenBB instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by JeiAr · text · webapps · php
https://www.exploit-db.com/exploits/24055

This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in OpenBB. It does not contain exploit code but provides technical details and example attack vectors.

Classification: Writeup 90%
Attack Type: Sqli | Xss
Complexity: Trivial
Reliability: Theoretical
Target: OpenBB (version not specified)
No auth needed
Prerequisites: Access to the vulnerable OpenBB instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/43811

This is a detailed vulnerability writeup for CVE-2004-1965, describing multiple issues in OpenBB <= 1.0.6, including XSS, SQL injection, and arbitrary command execution via unsafe GET requests. It provides examples of vulnerable endpoints and code snippets but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: Xss | Sqli | Other
Complexity: Trivial
Reliability: Theoretical
Target: OpenBB <= 1.0.6
No auth needed
Prerequisites: Access to vulnerable OpenBB instance
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
MEDIUM · by ctflearner

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15966
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10214
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108301983206107&w=2
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11481
Exploit, Vendor Advisory vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1009935

Scores

EPSS 0.0027
EPSS Percentile 50.4%

Details

Status published
Published Apr 25, 2004
Tracked Since Feb 18, 2026