EIP-2026-102221

PRE-CVE

ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102221. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in ChatSecure IM v2.2.4 iOS. The vulnerability allows script injection via the message body context, leading to session hijacking or phishing. The PoC payload demonstrates an embedded SVG object with malicious script execution.

Description

ChatSecure IM 2.2.4 iOS - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/34627

View Code ZIP pw:eip

This is a writeup describing a persistent XSS vulnerability in ChatSecure IM v2.2.4 iOS. The vulnerability allows script injection via the message body context, leading to session hijacking or phishing. The PoC payload demonstrates an embedded SVG object with malicious script execution.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ChatSecure IM v2.2.4 iOS

Auth required

Prerequisites: Privileged application user account · Interaction with a victim via chat

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026