CVE-2006-1918

papoo 2.1.5 - Cross-Site Scripting via menuid or reporeid_print Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1918. PoCs published by Rusydi Hasan.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Papoo, where user-supplied input is not properly sanitized in the 'print.php' script. An attacker can exploit this by injecting arbitrary script code via the 'reporeid_print' parameter.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Rusydi Hasan · textwebappsphp

https://www.exploit-db.com/exploits/27647

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Papoo, where user-supplied input is not properly sanitized in the 'print.php' script. An attacker can exploit this by injecting arbitrary script code via the 'reporeid_print' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Papoo (version not specified)

No auth needed

Prerequisites: Access to the target URL with the vulnerable parameter

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/431009/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17530

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015939

Scores

EPSS 0.0171

EPSS Percentile 74.4%

Details

CWE

CWE-79

Status published

Products (1)

papoo/papoo 2.1.5

Published Apr 20, 2006

Tracked Since Feb 18, 2026