EIP-2026-105339

PRE-CVE

Axis Commerce (E-Commerce System) - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105339. PoCs published by Eyup CELIK.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Axis Commerce's search module. The vulnerability allows arbitrary JavaScript execution via the 'q' parameter in the search URL, which is rendered in the page without proper sanitization.

Description

Axis Commerce (E-Commerce System) - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Eyup CELIK · textwebappsphp

https://www.exploit-db.com/exploits/17703

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Axis Commerce's search module. The vulnerability allows arbitrary JavaScript execution via the 'q' parameter in the search URL, which is rendered in the page without proper sanitization.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Axis Commerce 0.8.1 and previous

No auth needed

Prerequisites: Access to the search module of Axis Commerce

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026