CVE-2006-6153

vSpin.net Classified System 2004 - Cross-Site Scripting via catname or minprice Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6153. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in vSpin Classified System due to insufficient input sanitization. It includes a URL example demonstrating an XSS payload but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29106

The provided text describes SQL injection and XSS vulnerabilities in vSpin Classified System due to insufficient input sanitization. It includes a URL example demonstrating an XSS payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target: vSpin Classified System
No auth needed
Prerequisites: Access to the vulnerable search.asp endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29105

The provided text describes SQL injection and XSS vulnerabilities in vSpin Classified System due to insufficient input sanitization. It includes a basic XSS example but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target: vSpin Classified System
No auth needed
Prerequisites: access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22987
URL Repurposed x_refsource_misc
http://s-a-p.ca/index.php?page=OurAdvisories&id=47
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017259
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1926
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21190
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30446
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452179/100/100/threaded

Scores

EPSS 0.0206
EPSS Percentile 78.8%

Details

Status published
Products (1)
vspin.net/classified_system 2004
Published Nov 28, 2006
Tracked Since Feb 18, 2026