EIP-2026-102237
PRE-CVEFolder Plus 2.5.1 iOS - Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-102237. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary This is a writeup detailing a persistent XSS vulnerability in Folder Plus v2.5.1 iOS app. The vulnerability allows script injection via the 'create folder' function, executed when a higher-privileged user deletes the item.
Description
Folder Plus 2.5.1 iOS - Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
by Vulnerability-Lab · textwebappsios
https://www.exploit-db.com/exploits/35083
This is a writeup detailing a persistent XSS vulnerability in Folder Plus v2.5.1 iOS app. The vulnerability allows script injection via the 'create folder' function, executed when a higher-privileged user deletes the item.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target:
Folder Plus v2.5.1 iOS
Auth required
Prerequisites:
Low-privileged user account · User interaction to delete the injected item
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026