EIP-2026-105172

PRE-CVE

Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105172. PoCs published by Gjoko Krstic.

AI-analyzed exploit summary This HTML file demonstrates multiple persistent XSS vulnerabilities in Anchor CMS by submitting crafted input to various admin endpoints. The PoC includes forms that inject malicious scripts into user inputs, which are then stored and executed in the context of the affected site.

Description

Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gjoko Krstic · htmlwebappsphp

https://www.exploit-db.com/exploits/37096

View Code ZIP pw:eip

This HTML file demonstrates multiple persistent XSS vulnerabilities in Anchor CMS by submitting crafted input to various admin endpoints. The PoC includes forms that inject malicious scripts into user inputs, which are then stored and executed in the context of the affected site.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Anchor CMS 0.6-14-ga85d0a0

Auth required

Prerequisites: Access to admin endpoints · Valid session or authentication bypass

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026