EIP-2026-104098
PRE-CVETCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-104098. PoCs published by Phuong Nguyen.
AI-analyzed exploit summary The document describes multiple cross-site scripting (XSS) vulnerabilities in the Debug module of TCLHTtpd, specifically in versions 3.4.2 and likely prior. It provides example URLs demonstrating how an attacker can inject malicious script code into various parameters.
Description
TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Phuong Nguyen · textremotemultiple
https://www.exploit-db.com/exploits/23174
The document describes multiple cross-site scripting (XSS) vulnerabilities in the Debug module of TCLHTtpd, specifically in versions 3.4.2 and likely prior. It provides example URLs demonstrating how an attacker can inject malicious script code into various parameters.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
TCLHTtpd 3.4.2 and prior
No auth needed
Prerequisites:
Access to the vulnerable TCLHTtpd server
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026