CVE-2005-4460

Beehive Forum <= 0.6.2 - Cross-Site Scripting via Name, Description, or Comment Fields

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4460. PoCs published by Alireza Hassani.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Beehive Forum, allowing attacker-supplied script code to execute in the context of the affected site. The provided script steals cookie-based authentication credentials by redirecting them to an attacker-controlled server.

Description

Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Description, and (3) Comment fields to (a) links.php and (b) links_add.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alireza Hassani · textwebappsphp

https://www.exploit-db.com/exploits/26923

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Beehive Forum, allowing attacker-supplied script code to execute in the context of the affected site. The provided script steals cookie-based authentication credentials by redirecting them to an attacker-controlled server.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Beehive Forum (version not specified)

No auth needed

Prerequisites: Access to a vulnerable Beehive Forum instance · Ability to inject malicious script into user-supplied input fields

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Product x_refsource_misc

http://cvs.sourceforge.net/viewcvs.py/beehiveforum/beehiveforum/forum/index.php?rev=1.121&view=log

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18154

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/23879

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/419988/100/0/threaded

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2005/3043

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/16002

Scores

EPSS 0.0209

EPSS Percentile 79.2%

Details

Status published

Products (10)

beehive_forum/beehive_forum 0.1

beehive_forum/beehive_forum 0.1.1

beehive_forum/beehive_forum 0.2

beehive_forum/beehive_forum 0.3

beehive_forum/beehive_forum 0.3.1

beehive_forum/beehive_forum 0.4

beehive_forum/beehive_forum 0.5

beehive_forum/beehive_forum 0.6.2

beehive_forum/beehive_forum 0.6rc1

beehive_forum/beehive_forum 0.6rc2

Published Dec 21, 2005

Tracked Since Feb 18, 2026