EIP-2026-104459

PRE-CVE

SWFupload 2.5.0 - Cross Frame Scripting (XFS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104459. PoCs published by MindCracker.

AI-analyzed exploit summary: The exploit describes an XSF (Cross-Site Flashing) vulnerability in SWFupload where improper input validation allows loading arbitrary SWF files via the `buttonTextStyle` parameter. The PoC demonstrates how an attacker can exploit this to load malicious SWF content from an external domain.

Description

SWFupload 2.5.0 - Cross Frame Scripting (XFS)

Exploits (1)

exploitdb WRITEUP
by MindCracker · text · webapps · multiple
https://www.exploit-db.com/exploits/35908

Classification
Writeup 80%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: SWFupload All Versions
No auth needed
Prerequisites: Victim must interact with a crafted URL · SWFupload SWF file must be accessible
mistral-large-3 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026