EIP-2026-100186
PRE-CVECartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100186. PoCs published by Dcrab.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in CartWIZ due to improper input sanitization. The PoC injects a script tag into the 'message' parameter to execute arbitrary JavaScript in the context of the user's browser.
Description
CartWIZ 1.10 - 'login.asp' Message Argument Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25520
This exploit demonstrates a cross-site scripting (XSS) vulnerability in CartWIZ due to improper input sanitization. The PoC injects a script tag into the 'message' parameter to execute arbitrary JavaScript in the context of the user's browser.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
CartWIZ (version unspecified)
No auth needed
Prerequisites:
Access to a vulnerable CartWIZ instance · User interaction to trigger the XSS payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026