EIP-2026-102242

PRE-CVE

FTP Sprite 1.2.1 iOS - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102242. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed vulnerability writeup describing a persistent XSS vulnerability in FTP Sprite v1.2.1 iOS application. The vulnerability allows remote attackers to inject malicious script code via folder names, leading to persistent session hijacking or phishing attacks.

Description

FTP Sprite 1.2.1 iOS - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/26888

View Code ZIP pw:eip

This is a detailed vulnerability writeup describing a persistent XSS vulnerability in FTP Sprite v1.2.1 iOS application. The vulnerability allows remote attackers to inject malicious script code via folder names, leading to persistent session hijacking or phishing attacks.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FTP Sprite v1.2.1 (iOS)

No auth needed

Prerequisites: Network access to the vulnerable application · Ability to create a folder with a malicious name

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026