EIP-2026-102435

PRE-CVE

WSO2 3.1.0 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102435. PoC published by Raki Ben Hamouda.

AI-analyzed exploit summary: This PoC demonstrates a stored XSS vulnerability in WSO2 API Manager 3.1.0 via the comment feature in the Resource Browser component. The exploit involves injecting malicious scripts into the 'comment' parameter, which execute when the comment is viewed by other users.

Description

WSO2 3.1.0 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC
by Raki Ben Hamouda · text · webapps · java
https://www.exploit-db.com/exploits/48319

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WSO2 API Manager 3.1.0
Auth required
Prerequisites: Access to the Resource Browser component · Valid user account with comment privileges
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026