EIP-2026-100452
PRE-CVENaxtor E-directory 1.0 - 'Message.asp' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100452. PoCs published by basher13.
AI-analyzed exploit summary The code describes a cross-site scripting (XSS) vulnerability in Naxtor E-directory due to insufficient input sanitization. The provided URL demonstrates how an attacker can inject malicious script code to steal cookie-based authentication credentials.
Description
Naxtor E-directory 1.0 - 'Message.asp' Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by basher13 · textwebappsasp
https://www.exploit-db.com/exploits/26069
The code describes a cross-site scripting (XSS) vulnerability in Naxtor E-directory due to insufficient input sanitization. The provided URL demonstrates how an attacker can inject malicious script code to steal cookie-based authentication credentials.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Naxtor E-directory
No auth needed
Prerequisites:
Victim interaction required to visit crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026