EIP-2026-105097

PRE-CVE

Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105097. PoCs published by antisnatchor.

AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in Alkacon OpenCms due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Description

Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by antisnatchor · textwebappsphp

https://www.exploit-db.com/exploits/35515

View Code ZIP pw:eip

The provided text describes multiple XSS vulnerabilities in Alkacon OpenCms due to improper input sanitization. It includes example URLs demonstrating the vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: Alkacon OpenCms versions prior to 7.5.4

No auth needed

Prerequisites: Access to the vulnerable OpenCms instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026