EIP-2026-100386

PRE-CVE

Kentico CMS 5.5R2.23 - 'userContextMenu_Parameter' Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100386. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Kentico CMS by injecting a malicious script into the 'userContextMenu_parameter' via a POST request. The payload triggers an alert when the mouse hovers over the affected element, confirming the vulnerability.

Description

Kentico CMS 5.5R2.23 - 'userContextMenu_Parameter' Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED
by LiquidWorm · textwebappsasp
https://www.exploit-db.com/exploits/35807

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Kentico CMS by injecting a malicious script into the 'userContextMenu_parameter' via a POST request. The payload triggers an alert when the mouse hovers over the affected element, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Kentico CMS 5.5R2.23
No auth needed
Prerequisites: Access to the target web application · User interaction (mouseover)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026