Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-105438. PoCs published by Edric Teo.
AI-analyzed exploit summary: The exploit demonstrates XSS and CSRF vulnerabilities in BEdita CMS 3.5.0. It includes functional PoC code for both issues, showing how an attacker can inject malicious JavaScript or create an admin user via crafted requests.
Description
BEdita CMS 3.5.0 - Multiple Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
by Edric Teo · text · webapps · php
https://www.exploit-db.com/exploits/36265
Classification
Working PoC 100%
Attack Type
XSS | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
BEdita CMS 3.5.0
Auth required
Prerequisites:
Authenticated user session for XSS · Admin user session for CSRF
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026