EIP-2026-104160

PRE-CVE

Apache CouchDB 2.3.0 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104160. PoCs published by Ozer Goker.

AI-analyzed exploit summary This document details multiple DOM-based and stored XSS vulnerabilities in Apache CouchDB 2.3.0, including payloads and affected endpoints. It provides technical insights into the attack vectors but does not include functional exploit code.

Description

Apache CouchDB 2.3.0 - Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Ozer Goker · textwebappsmultiple

https://www.exploit-db.com/exploits/46406

View Code ZIP pw:eip

This document details multiple DOM-based and stored XSS vulnerabilities in Apache CouchDB 2.3.0, including payloads and affected endpoints. It provides technical insights into the attack vectors but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Apache CouchDB 2.3.0

No auth needed

Prerequisites: Access to the CouchDB web interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026