EIP-2026-104147

PRE-CVE

ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104147. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an authenticated reflected XSS vulnerability in ABB Cylon Aspect 3.08.03. The vulnerability allows arbitrary JavaScript execution via unsanitized GET parameters 'name' and 'id' in the MapServicesHandler.

Description

ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsmultiple

https://www.exploit-db.com/exploits/52222

View Code ZIP pw:eip

This exploit demonstrates an authenticated reflected XSS vulnerability in ABB Cylon Aspect 3.08.03. The vulnerability allows arbitrary JavaScript execution via unsanitized GET parameters 'name' and 'id' in the MapServicesHandler.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ABB Cylon Aspect <=3.08.03

Auth required

Prerequisites: Authenticated access to the target application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026