CVE-2006-2696

Easy-Content Forums 1.0 - Cross-Site Scripting via startletter or catid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2696.

AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in Easy-Content Forums 1.0 by providing functional payloads for both attack vectors. It includes specific URLs and parameters to exploit the vulnerabilities, such as injecting SQL queries via the 'catid' parameter and executing XSS via the 'forumname' parameter.

Description

Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp.

Exploits (1)

exploitdb WORKING POC
webappsasp
https://www.exploit-db.com/exploits/1834

The exploit demonstrates SQL injection and XSS vulnerabilities in Easy-Content Forums 1.0 by providing functional payloads for both attack vectors. It includes specific URLs and parameters to exploit the vulnerabilities, such as injecting SQL queries via the 'catid' parameter and executing XSS via the 'forumname' parameter.

Classification
Working Poc 95%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: Easy-Content Forums 1.0
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435140/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/997
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26803

Scores

EPSS 0.0179
EPSS Percentile 75.4%

Details

Status published
Products (1)
easy-content_forums/easy-content_forums 1.0
Published May 31, 2006
Tracked Since Feb 18, 2026