EIP-2026-105171

PRE-CVE

Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105171. PoCs published by Sinem Şahin.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Anchor CMS 0.12.7 by injecting a malicious script into the post description field, which executes when the post is viewed. The HTTP request shows the exact payload and parameters required to trigger the vulnerability.

Description

Anchor CMS 0.12.7 - Persistent Cross-Site Scripting (Authenticated)

Exploits (1)

exploitdb WORKING POC

by Sinem Şahin · textwebappsphp

https://www.exploit-db.com/exploits/48832

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in Anchor CMS 0.12.7 by injecting a malicious script into the post description field, which executes when the post is viewed. The HTTP request shows the exact payload and parameters required to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Anchor CMS 0.12.7

Auth required

Prerequisites: Authenticated access to the admin panel · Ability to create or edit posts

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026