EIP-2026-100222

PRE-CVE

Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100222. PoCs published by Diabolic Crab.

AI-analyzed exploit summary The exploit demonstrates XSS vulnerabilities in Comersus Cart by injecting malicious script tags into URL parameters. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site, potentially leading to cookie theft.

Description

Comersus Open Technologies Comersus Cart 6.0.41 - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Diabolic Crab · textwebappsasp

https://www.exploit-db.com/exploits/25956

View Code ZIP pw:eip

The exploit demonstrates XSS vulnerabilities in Comersus Cart by injecting malicious script tags into URL parameters. The PoC shows how arbitrary JavaScript can be executed in the context of the affected site, potentially leading to cookie theft.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Comersus Cart (version not specified)

No auth needed

Prerequisites: Access to the target application's URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026