EIP-2026-102476

PRE-CVE

DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102476. PoCs published by Raymond Rizk.

AI-analyzed exploit summary The exploit demonstrates XSS and XPath injection vulnerabilities in DataWatch Monarch Business Intelligence. It includes crafted URLs that inject malicious scripts and manipulate query logic, allowing unauthorized actions and potential credential theft.

Description

DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED
by Raymond Rizk · textwebappsjsp
https://www.exploit-db.com/exploits/37550

The exploit demonstrates XSS and XPath injection vulnerabilities in DataWatch Monarch Business Intelligence. It includes crafted URLs that inject malicious scripts and manipulate query logic, allowing unauthorized actions and potential credential theft.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: DataWatch Monarch Business Intelligence 5.1
No auth needed
Prerequisites: Access to the target application's web interface
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026