Description
Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Rusydi Hasan · textwebappsphp
https://www.exploit-db.com/exploits/27647
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431009/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17530
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015939
Scores
EPSS
0.0041
EPSS Percentile
61.1%
Details
CWE
CWE-79
Status
published
Products (1)
papoo/papoo
2.1.5
Published
Apr 20, 2006
Tracked Since
Feb 18, 2026