CVE-2005-0251

BibORB 1.3.2 - Cross-Site Scripting via Search Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0251. PoCs published by Patrick Hof.

AI-analyzed exploit summary: The provided text describes multiple vulnerabilities in BibORB version 1.3.2 and earlier, including XSS, SQL injection, and directory traversal. It includes a basic XSS payload example but lacks executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Patrick Hof · text · webapps · php
https://www.exploit-db.com/exploits/25119

The provided text describes multiple vulnerabilities in BibORB version 1.3.2 and earlier, including XSS, SQL injection, and directory traversal. It includes a basic XSS payload example but lacks executable exploit code.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: BibORB <= 1.3.2
No auth needed
Prerequisites: Access to the 'Add Database' functionality
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Patrick Hof · text · webapps · php
https://www.exploit-db.com/exploits/25118

The provided text describes multiple vulnerabilities in BibORB 1.3.2 and earlier, including XSS, SQL injection, and directory traversal. It includes a sample XSS payload but lacks executable exploit code.

Classification: Writeup (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: BibORB <= 1.3.2
No auth needed
Prerequisites: Access to the vulnerable BibORB web application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12583
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110868948719773&w=2
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=110864983905770&w=2

Scores

EPSS 0.0253
EPSS Percentile 82.8%

Details

CWE CWE-79
Status published
Products (1)
guillaumegardey/biborb 1.3.2 (2 CPE variants)
Published May 02, 2005
Tracked Since Feb 18, 2026