CVE-2006-2821

DeltaScripts Pro Publish - Cross-Site Scripting via artid or catname Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2821. PoCs published by Soot.

AI-analyzed exploit summary This exploit demonstrates XSS vulnerabilities in PHP Pro Publish by injecting arbitrary JavaScript via unsanitized input parameters in the 'artid' and 'catname' fields. The PoC uses simple script tags to trigger an alert, confirming the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Soot · textwebappsphp

https://www.exploit-db.com/exploits/27958

View Code ZIP pw:eip

This exploit demonstrates XSS vulnerabilities in PHP Pro Publish by injecting arbitrary JavaScript via unsanitized input parameters in the 'artid' and 'catname' fields. The PoC uses simple script tags to trigger an alert, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PHP Pro Publish (version not specified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1027

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18243

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/435787/100/0/threaded

Exploit x_refsource_misc

http://soot.shabgard.org/bugs/propublish.txt

Scores

EPSS 0.0190

EPSS Percentile 77.1%

Details

Status published

Products (1)

deltascripts/pro_publish 2.0

Published Jun 05, 2006

Tracked Since Feb 18, 2026