CVE-2026-36358

MEDIUM

Juzaweb CMS 5.0.0 - Cross-Site Scripting via Add Banner Ads Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-36358. PoCs published by yuhuamiao.

AI-analyzed exploit summary: This repository provides a detailed step-by-step guide demonstrating a stored XSS vulnerability in Juzaweb CMS v5.0.0 via the banner ad creation feature. It includes screenshots and instructions but lacks actual exploit code.

Description

Cross-site scripting vulnerability in Juzaweb CMS v5.0.0 allows a remote attacker to execute arbitrary code via a crafted script submitted to the Add Banner Ads function.

Exploits (1)

nomisec WRITEUP 1 stars
by yuhuamiao · poc
https://github.com/yuhuamiao/CVE-2026-36358


Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Juzaweb CMS v5.0.0
Auth required
Prerequisites: admin access to Juzaweb CMS · ability to create banner ads
devstral-2 · analyzed May 07, 2026

Scores

CVSS v3 5.4
EPSS 0.0025
EPSS Percentile 16.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Published May 06, 2026
Tracked Since May 06, 2026