EIP-2026-102377

PRE-CVE

hupa webmail 0.0.2 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102377. PoCs published by Shai rod.

AI-analyzed exploit summary This Python script demonstrates a stored XSS vulnerability in Hupa Webmail 0.0.2 by sending an email with malicious payloads in the subject and body. The payloads trigger JavaScript execution when viewed in the webmail interface.

Description

hupa webmail 0.0.2 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Shai rod · pythonwebappsjava

https://www.exploit-db.com/exploits/20668

View Code ZIP pw:eip

This Python script demonstrates a stored XSS vulnerability in Hupa Webmail 0.0.2 by sending an email with malicious payloads in the subject and body. The payloads trigger JavaScript execution when viewed in the webmail interface.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Hupa Webmail 0.0.2

Auth required

Prerequisites: SMTP server access · valid credentials for sending email

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026