Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-4888. PoCs published by Jacob Holcomb.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Xibo 1.4.2 by injecting malicious HTML and JavaScript code via the 'layout' and 'description' parameters in a POST request. The payload triggers an alert and embeds an iframe, showcasing stored XSS.
Description
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in Xibo 1.4.2 by injecting malicious HTML and JavaScript code via the 'layout' and 'description' parameters in a POST request. The payload triggers an alert and embeds an iframe, showcasing stored XSS.