https://www.exploit-db.com/exploits/25118
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-100

BibORB1.3.2以及可能较早版本的bibindex.php中存在跨站脚本攻击(XSS)漏洞，允许远程攻击者通过search参数来注入任意的HTML和Web脚本。

source: http://www.securityfocus.com/bid/12583/info


BibORB is reported prone to multiple vulnerabilities arising from insufficient sanitization of user-supplied input. These issues can be exploited by a remote attacker to carry out cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload attacks.

These vulnerabilities are reported to affect BibORB version 1.3.2 and all previous versions. 

http://www.example.com/biborb/bibindex.php?mode=displaysearch&search=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&sort=ID

来源:BID
名称:12583
链接:http://www.securityfocus.com/bid/12583
来源:FULLDISC
名称:20050217Advisory:MultipleVulnerabilitiesinBibORB
链接:http://marc.theaimsgroup.com/?l=full-disclosure&m;=110864983905770&w;=2
来源:BUGTRAQ
名称:20050217Advisory:MultipleVulnerabilitiesinBibORB
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110868948719773&w;=2