EIP-2026-104482

PRE-CVE

VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104482. PoCs published by Andrea Sindoni.

AI-analyzed exploit summary This is a technical writeup describing an XSS vulnerability in VLC 2.2.1's web interface via metadata manipulation. It includes steps to reproduce the issue but lacks direct exploit code, relying on an external download for the PoC file.

Description

VideoLAN VLC Media Player Web Interface 2.2.1 - Metadata Title Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Andrea Sindoni · textwebappsmultiple

https://www.exploit-db.com/exploits/38706

View Code ZIP pw:eip

This is a technical writeup describing an XSS vulnerability in VLC 2.2.1's web interface via metadata manipulation. It includes steps to reproduce the issue but lacks direct exploit code, relying on an external download for the PoC file.

Classification

Writeup 80%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: VLC 2.2.1 (WEB INTERFACE)

Auth required

Prerequisites: VLC 2.2.1 with HTTP interface enabled · Access to the web interface · Valid credentials

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026