EIP-2026-104157

PRE-CVE

Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104157. PoCs published by Ramazan Mert GÖKTEN.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Anchor CMS 0.12.7 via the 'markdown' parameter in the post creation functionality. The payload is injected into the markdown field and executed when the post is viewed.

Description

Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Ramazan Mert GÖKTEN · textwebappsmultiple

https://www.exploit-db.com/exploits/49403

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Anchor CMS 0.12.7 via the 'markdown' parameter in the post creation functionality. The payload is injected into the markdown field and executed when the post is viewed.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Anchor CMS 0.12.7

Auth required

Prerequisites: Admin access to the Anchor CMS panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026