EIP-2026-100381

PRE-CVE

jmd-cms - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100381. PoCs published by Abysssec.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple issues in JMD-CMS Alpha 3.0.0.9, including arbitrary file upload via FCKEditor and persistent XSS vulnerabilities in admin and registration pages. No exploit code is provided, only descriptions and vulnerable paths.

Description

jmd-cms - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abysssec · textwebappsasp

https://www.exploit-db.com/exploits/15044

View Code ZIP pw:eip

This is a vulnerability writeup detailing multiple issues in JMD-CMS Alpha 3.0.0.9, including arbitrary file upload via FCKEditor and persistent XSS vulnerabilities in admin and registration pages. No exploit code is provided, only descriptions and vulnerable paths.

Classification

Writeup 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: JMD-CMS Alpha 3.0.0.9

Auth required

Prerequisites: Access to admin panel or registration page · FCKEditor enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026