EIP-2026-104343

PRE-CVE

mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104343. PoCs published by Sagar Banwa.

AI-analyzed exploit summary This is a functional proof-of-concept for a persistent XSS vulnerability in mojoPortal forums 2.7.0.0. The exploit demonstrates how an attacker can inject malicious JavaScript into the 'Title' field of a forum, which executes when an admin or visitor views the forum details.

Description

mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Sagar Banwa · textwebappsmultiple

https://www.exploit-db.com/exploits/49184

View Code ZIP pw:eip

This is a functional proof-of-concept for a persistent XSS vulnerability in mojoPortal forums 2.7.0.0. The exploit demonstrates how an attacker can inject malicious JavaScript into the 'Title' field of a forum, which executes when an admin or visitor views the forum details.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: mojoPortal forums 2.7.0.0

Auth required

Prerequisites: Admin access to the mojoPortal forums · Ability to create or edit a forum

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026