CVE-2006-4708

Vikingboard 0.1b - Cross-Site Scripting via act and p Parameters


Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4708. PoCs published by Hessam-x.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Vikingboard version 0.1b, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could exploit this issue by injecting malicious scripts via the 'p' parameter in report.php.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Hessam-x · text · webapps · php
https://www.exploit-db.com/exploits/28498

The provided text describes a cross-site scripting (XSS) vulnerability in Vikingboard version 0.1b, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could exploit this issue by injecting malicious scripts via the 'p' parameter in report.php.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Vikingboard 0.1b
No auth needed
Prerequisites: Access to the target application's report.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by Hessam-x · text · webapps · php
https://www.exploit-db.com/exploits/28497

The provided text describes a cross-site scripting (XSS) vulnerability in Vikingboard 0.1b, where user-supplied input via the 'act' parameter in help.php is not properly sanitized. The writeup references a SecurityFocus BID but does not include functional exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: Vikingboard 0.1b
No auth needed
Prerequisites: Access to the target URL with the vulnerable parameter
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19916
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/445719/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1539

Scores

EPSS 0.0188
EPSS Percentile 76.7%

Details

Status published
Products (1)
vikingboard/vikingboard 0.1b
Published Sep 12, 2006
Tracked Since Feb 18, 2026