EIP-2026-102464

PRE-CVE

BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102464. PoCs published by Richard Brain.

AI-analyzed exploit summary The exploit demonstrates multiple XSS and information disclosure vulnerabilities in BMC Dashboards. It includes specific URLs and payloads to trigger XSS and read local files within the webroot.

Description

BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Richard Brain · textwebappsjsp

https://www.exploit-db.com/exploits/35707

View Code ZIP pw:eip

The exploit demonstrates multiple XSS and information disclosure vulnerabilities in BMC Dashboards. It includes specific URLs and payloads to trigger XSS and read local files within the webroot.

Classification

Working Poc 95%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: BMC Dashboards

No auth needed

Prerequisites: Access to the target BMC Dashboards instance

MITRE ATT&CK

T1059.007 - JavaScript T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026