EIP-2026-105438

PRE-CVE

BEdita CMS 3.5.0 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105438. PoCs published by Edric Teo.

AI-analyzed exploit summary The exploit demonstrates XSS and CSRF vulnerabilities in BEdita CMS 3.5.0. It includes functional PoC code for both issues, showing how an attacker can inject malicious JavaScript or create an admin user via crafted requests.

Description

BEdita CMS 3.5.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC
by Edric Teo · textwebappsphp
https://www.exploit-db.com/exploits/36265

The exploit demonstrates XSS and CSRF vulnerabilities in BEdita CMS 3.5.0. It includes functional PoC code for both issues, showing how an attacker can inject malicious JavaScript or create an admin user via crafted requests.

Classification
Working Poc 100%
Attack Type
Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: BEdita CMS 3.5.0
Auth required
Prerequisites: Authenticated user session for XSS · Admin user session for CSRF
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026