EIP-2026-102290

PRE-CVE

Private Photo+Video 1.1 Pro iOS - Persistent

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102290. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Private Photo+Video Pro iOS app v1.1, where malicious script code can be injected into the album name parameter via GET requests, leading to persistent session hijacking or phishing attacks.

Description

Private Photo+Video 1.1 Pro iOS - Persistent

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/32703

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in Private Photo+Video Pro iOS app v1.1, where malicious script code can be injected into the album name parameter via GET requests, leading to persistent session hijacking or phishing attacks.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Private Photo+Video Pro iOS Mobile Web Application v1.1

Auth required

Prerequisites: Low-privileged access to the mobile application or web interface · User interaction to add/rename an album

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026