EIP-2026-102472

PRE-CVE

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102472. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates multiple stored XSS and CSRF vulnerabilities in DALIM SOFTWARE ES Core 5.0 by submitting malicious input via POST parameters to an administrative endpoint. The PoC injects JavaScript payloads into various form fields, which are then rendered in the context of the affected site.

Description

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · htmlwebappsjsp

https://www.exploit-db.com/exploits/42437

View Code ZIP pw:eip

This exploit demonstrates multiple stored XSS and CSRF vulnerabilities in DALIM SOFTWARE ES Core 5.0 by submitting malicious input via POST parameters to an administrative endpoint. The PoC injects JavaScript payloads into various form fields, which are then rendered in the context of the affected site.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: DALIM SOFTWARE ES Core 5.0 (build 7184.1 and earlier)

Auth required

Prerequisites: Access to a logged-in administrative session · Victim interaction (visiting a malicious site)

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026