EIP-2026-104975

PRE-CVE

Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104975. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates a persistent XSS vulnerability in Advanced Electron Forum v1.0.9 by injecting malicious JavaScript into the 'fredirect' parameter, which is stored in the database and executed when victims visit specific URLs.

Description

Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/39262

View Code ZIP pw:eip

The exploit demonstrates a persistent XSS vulnerability in Advanced Electron Forum v1.0.9 by injecting malicious JavaScript into the 'fredirect' parameter, which is stored in the database and executed when victims visit specific URLs.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Advanced Electron Forum v1.0.9

Auth required

Prerequisites: Admin access to the forum's edit board settings

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026