CVE-2006-6518

ProNews 1.5 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6518. PoCs published by Mr_KaLiMaN.

AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in ProNews 1.5, including XSS and SQL injection, but does not contain actual exploit code. It references a URL parameter vulnerable to XSS.

Description

Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Mr_KaLiMaN · textwebappsphp

https://www.exploit-db.com/exploits/29269

View Code ZIP pw:eip

The provided text describes multiple input-validation vulnerabilities in ProNews 1.5, including XSS and SQL injection, but does not contain actual exploit code. It references a URL parameter vulnerable to XSS.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: ProNews 1.5

No auth needed

Prerequisites: Access to the vulnerable URL parameter

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Mr_KaLiMaN · textwebappsphp

https://www.exploit-db.com/exploits/29267

View Code ZIP pw:eip

The provided text describes multiple input-validation vulnerabilities in ProNews 1.5, including XSS and SQL injection, but does not contain executable exploit code. It outlines attack vectors via malformed URLs.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: ProNews 1.5

No auth needed

Prerequisites: Access to the target application's admin interface

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21516

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2025

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/453964/100/0/threaded

Scores

EPSS 0.0172

EPSS Percentile 74.5%

Details

Status published

Products (1)

scriptphp/pronews 1.5

Published Dec 14, 2006

Tracked Since Feb 18, 2026