EIP-2026-104216
PRE-CVECS-Cart 1.3.3 - 'install.php' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-104216. PoCs published by crmpays.
AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in CS-Cart 1.3.3's install.php file. By crafting a malicious HTML form, an attacker can manipulate the 'step' parameter to access sensitive installation steps, particularly step 3, which contains sensitive information.
Description
CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting
Exploits (1)
This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in CS-Cart 1.3.3's install.php file. By crafting a malicious HTML form, an attacker can manipulate the 'step' parameter to access sensitive installation steps, particularly step 3, which contains sensitive information.