EIP-2026-103894

PRE-CVE

dotDefender - Cross-Site Scripting Security Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103894. PoCs published by SH4V.

AI-analyzed exploit summary: This exploit demonstrates a security-bypass vulnerability in dotDefender by using obfuscated JavaScript within an HTML img tag to execute arbitrary code. The payload bypasses dotDefender's filtering mechanisms to trigger an XSS attack.

Description

dotDefender - Cross-Site Scripting Security Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED
by SH4V · text · remote · multiple
https://www.exploit-db.com/exploits/34297


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: dotDefender (version not specified)
No auth needed
Prerequisites: A web application protected by dotDefender that reflects user input
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026