CVE-2013-4759

Magnolia Form module <1.4.7-2.0.2 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4759. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Magnolia CMS by injecting malicious JavaScript into user registration fields. The PoC submits a form with script tags in the username, fullName, and email fields, which execute when rendered.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · htmlwebappsphp

https://www.exploit-db.com/exploits/38675

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Magnolia CMS by injecting malicious JavaScript into user registration fields. The PoC submits a form with script tags in the username, fullName, and email fields, which execute when rendered.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Magnolia CMS versions 4.5.7, 4.5.8, 4.5.9, 5.0, and 5.0.1

No auth needed

Prerequisites: Access to the registration page of a vulnerable Magnolia CMS instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23163

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/85940

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/61423

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/95628

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2013-07/0160.html

Exploit x_refsource_misc

http://packetstormsecurity.com/files/122527/Magnolia-CMS-5.0.1-Community-Edition-Cross-Site-Scripting.html

Scores

EPSS 0.0350

EPSS Percentile 87.6%

Details

CWE

CWE-79

Status published

Products (9)

magnolia-cms/magnolia_form_module 1.4

magnolia-cms/magnolia_form_module 1.4.1

magnolia-cms/magnolia_form_module 1.4.2

magnolia-cms/magnolia_form_module 1.4.3

magnolia-cms/magnolia_form_module 1.4.4

magnolia-cms/magnolia_form_module 1.4.5

magnolia-cms/magnolia_form_module 1.4.6

magnolia-cms/magnolia_form_module 2.0

magnolia-cms/magnolia_form_module 2.0.1

Published Aug 09, 2013

Tracked Since Feb 18, 2026