CVE-2008-2646
Mebiblio - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sql parameter to dbadd.inc.php, (2) InsertJournal parameter to add_journal_mask.inc.php, (3) InsertBibliography parameter to insert_mask.inc.php, and (4) LabelYear parameter to search_mask.inc.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/5716
Scores
EPSS
0.0313
EPSS Percentile
86.7%
Classification
CWE
CWE-79
Status
draft
Affected Products (1)
mebiblio/mebiblio
Timeline
Published
Jun 10, 2008
Tracked Since
Feb 18, 2026