EIP-2026-104182

PRE-CVE

Bagisto 1.3.3 - Client-Side Template Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104182. PoCs published by Mohamed Abdellatif Jaber.

AI-analyzed exploit summary This exploit demonstrates a Client-Side Template Injection vulnerability in Bagisto 1.3.3. By injecting a malicious payload into user profile fields, arbitrary JavaScript code is executed when an admin or another user views the profile or order.

Description

Bagisto 1.3.3 - Client-Side Template Injection

Exploits (1)

exploitdb WORKING POC
by Mohamed Abdellatif Jaber · textwebappsmultiple
https://www.exploit-db.com/exploits/50548

This exploit demonstrates a Client-Side Template Injection vulnerability in Bagisto 1.3.3. By injecting a malicious payload into user profile fields, arbitrary JavaScript code is executed when an admin or another user views the profile or order.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Bagisto v1.3.3
Auth required
Prerequisites: Valid user account · Access to profile editing functionality
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026