CVE-2013-6233

SpagoBI < 4.0 - Authenticated Cross-Site Scripting via Short Document Metadata Description Field

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6233. PoCs published by Christian Catalano.

AI-analyzed exploit summary: This advisory describes a persistent HTML script insertion vulnerability in SpagoBI, allowing an attacker to inject malicious forms into input fields like 'Description' in 'Short document metadata'. The vulnerability can be exploited to conduct phishing attacks by capturing user credentials when victims interact with the injected content.

Description

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."

Exploits (1)

exploitdb WRITEUP
by Christian Catalano · text · webapps · php
https://www.exploit-db.com/exploits/32039

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: SpagoBI 4.0
Auth required
Prerequisites: Low-privileged application user account · User interaction to save and view the injected content
mistral-large-3 · analyzed Feb 16, 2026

References (5)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32039
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/531322/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65915
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91506

Scores

EPSS 0.0322
EPSS Percentile 86.7%

Details

CWE: CWE-79
Status: published
Products (1)
eng/spagobi < 4.0
Published: Mar 09, 2014
Tracked Since: Feb 18, 2026