CVE-2014-9522

CMS Papoo Light 6.0.0 Rev 4701 - Cross-Site Scripting via Guestbook Author or Account Username

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9522. PoCs published by Steffen Rösemann.

AI-analyzed exploit summary: The advisory describes two persistent XSS vulnerabilities in CMS Papoo Light v6, affecting the guestbook and user registration functionalities. The payloads are stored in the database and executed when displayed.

Description

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

Exploits (1)

exploitdb WRITEUP
by Steffen Rösemann · text · webapps · php
https://www.exploit-db.com/exploits/35551

Classification: Writeup 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: CMS Papoo Light v6.0.0 Rev. 4701
No auth needed
Prerequisites: Access to guestbook or user registration page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/115944
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534243/100/0/threaded
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35551
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/71676

Scores

EPSS: 0.0350
EPSS Percentile: 87.6%

Details

CWE: CWE-79
Status: published
Products (1): papoo/cms_papoo_light 6.0.0
Published: Jan 05, 2015
Tracked Since: Feb 18, 2026