CVE-2014-9919

MEDIUM

Bilboplanet 2.0 - Stored Cross-Site Scripting via Fullname Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9919. PoCs published by Vivek N.

AI-analyzed exploit summary: This is a writeup describing multiple stored XSS vulnerabilities in the Bilboplanet application version 2.0. It outlines three specific endpoints and parameters where XSS payloads can be injected, but does not include actual exploit code or payloads.

Description

An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Vivek N · text · webapps · php
https://www.exploit-db.com/exploits/34089

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Bilboplanet 2.0
Auth required
Prerequisites: Access to the Bilboplanet application · Valid user credentials for authenticated endpoints
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/34089/

Scores

CVSS v3 6.1
EPSS 0.0080
EPSS Percentile 51.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status published
Products (1)
bilboplanet/bilboplanet 2.0
Published May 15, 2019
Tracked Since Feb 18, 2026