EIP-2026-104460

PRE-CVE

T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104460. PoCs published by Alperen Ergel.

AI-analyzed exploit summary This is a functional proof-of-concept for a stored XSS vulnerability in T-Soft E-Commerce 4. The exploit demonstrates how an attacker can inject malicious JavaScript payloads into the 'UrunAdi' (Product Name) field, which is then stored and executed when accessed by other users.

Description

T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Alperen Ergel · textwebappsmultiple

https://www.exploit-db.com/exploits/50938

View Code ZIP pw:eip

This is a functional proof-of-concept for a stored XSS vulnerability in T-Soft E-Commerce 4. The exploit demonstrates how an attacker can inject malicious JavaScript payloads into the 'UrunAdi' (Product Name) field, which is then stored and executed when accessed by other users.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: T-Soft E-Commerce v4

Auth required

Prerequisites: Administrator access to the T-Soft E-Commerce platform

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026