CVE-2006-2178

CyberOffice Warehouse Builder - Cross-Site Scripting via SessionID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-2178. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in CyberBuild, including XSS and SQL injection, but does not contain actual exploit code. It includes example URLs demonstrating XSS injection points.

Description

Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection.

Exploits (3)

exploitdb WRITEUP VERIFIED
by r0t · textwebappsasp
https://www.exploit-db.com/exploits/27817

The provided text describes multiple input-validation vulnerabilities in CyberBuild, including XSS and SQL injection, but does not contain actual exploit code. It includes example URLs demonstrating XSS injection points.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: CyberBuild (version not specified)
No auth needed
Prerequisites: Access to the vulnerable application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by r0t · textwebappsasp
https://www.exploit-db.com/exploits/27815

The provided text describes input-validation vulnerabilities in CyberBuild, including XSS and SQL injection, but does not contain functional exploit code. It references a generic example URL for XSS demonstration.

Classification
Writeup 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target: CyberBuild (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by r0t · textwebappsasp
https://www.exploit-db.com/exploits/27816

The provided text describes input-validation vulnerabilities in CyberBuild, including XSS and SQL injection, but does not contain functional exploit code. It references a SecurityFocus BID and provides a generic XSS example URL.

Classification
Writeup 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target: CyberBuild (version unspecified)
No auth needed
Prerequisites: Access to a vulnerable CyberBuild instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1630
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/25198
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/25199
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/25197
Third Party Advisory x_refsource_misc
http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17829
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26202
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19889

Scores

EPSS 0.0154
EPSS Percentile 71.6%

Details

CWE
CWE-79
Status published
Products (1)
smartwin_technology/cyberoffice_warehouse_builder
Published May 04, 2006
Tracked Since Feb 18, 2026