EIP-2026-102476
PRE-CVEDataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-102476. PoCs published by Raymond Rizk.
AI-analyzed exploit summary The exploit demonstrates XSS and XPath injection vulnerabilities in DataWatch Monarch Business Intelligence. It includes crafted URLs that inject malicious scripts and manipulate query logic, allowing unauthorized actions and potential credential theft.
Description
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Raymond Rizk · textwebappsjsp
https://www.exploit-db.com/exploits/37550
The exploit demonstrates XSS and XPath injection vulnerabilities in DataWatch Monarch Business Intelligence. It includes crafted URLs that inject malicious scripts and manipulate query logic, allowing unauthorized actions and potential credential theft.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
DataWatch Monarch Business Intelligence 5.1
No auth needed
Prerequisites:
Access to the target application's web interface
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026