CVE-2013-6233
SpagoBI < 4.0 - Authenticated Cross-Site Scripting via Short Document Metadata Description Field
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-6233. PoCs published by Christian Catalano.
AI-analyzed exploit summary This advisory describes a persistent HTML script insertion vulnerability in SpagoBI, allowing an attacker to inject malicious forms into input fields like 'Description' in 'Short document metadata'. The vulnerability can be exploited to conduct phishing attacks by capturing user credentials when victims interact with the injected content.
Description
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."
Exploits (1)
This advisory describes a persistent HTML script insertion vulnerability in SpagoBI, allowing an attacker to inject malicious forms into input fields like 'Description' in 'Short document metadata'. The vulnerability can be exploited to conduct phishing attacks by capturing user credentials when victims interact with the injected content.