CVE-2006-2178

Smartwin Technology Cyberoffice Warehouse Builder - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection.

Exploits (3)

exploitdb WRITEUP VERIFIED
by r0t · textwebappsasp
https://www.exploit-db.com/exploits/27816
exploitdb WRITEUP VERIFIED
by r0t · textwebappsasp
https://www.exploit-db.com/exploits/27815
exploitdb WRITEUP VERIFIED
by r0t · textwebappsasp
https://www.exploit-db.com/exploits/27817

References (8)

Scores

EPSS 0.0072
EPSS Percentile 72.2%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

smartwin_technology/cyberoffice_warehouse_builder

Timeline

Published May 04, 2006
Tracked Since Feb 18, 2026