Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-4664. PoCs published by Christy Philip Mathew.
AI-analyzed exploit summary: This exploit demonstrates XSS and CSRF vulnerabilities in SPBAS Business Automation Software 2012. The XSS payloads inject malicious scripts via user input fields, while the CSRF examples show unauthorized form submissions to modify user data.
Description
SPBAS Business Automation Software 2012 has XSS.
Exploits (1)
exploitdb
WORKING POC
by Christy Philip Mathew · text · webapps · php
https://www.exploit-db.com/exploits/26244
Classification
Working PoC 100%
Attack Type
XSS | CSRF
Complexity
Trivial
Reliability
Reliable
Target:
SPBAS Business Automation Software 2012
Auth required
Prerequisites:
Victim must be authenticated and tricked into visiting a malicious page or submitting crafted input
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Broken Link x_refsource_misc
http://www.offcon.org/research.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/26244
Exploit, Third Party Advisory x_refsource_misc
https://www.exploit-database.net/?id=48229
Scores
CVSS v3
6.1
EPSS
0.0222
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
spbas/business_automation_software
2012
Published
Dec 27, 2019
Tracked Since
Feb 18, 2026