EIP-2026-105527

PRE-CVE

BlogBird Platform - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105527. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates a stored XSS vulnerability in BlogBird by providing functional HTML/JavaScript PoC code that submits malicious input via form fields (e.g., 'body' and 'title') to execute arbitrary JavaScript. The vulnerability arises from insufficient input sanitization in the application's saving scripts.

Description

BlogBird Platform - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/15332

View Code ZIP pw:eip

The exploit demonstrates a stored XSS vulnerability in BlogBird by providing functional HTML/JavaScript PoC code that submits malicious input via form fields (e.g., 'body' and 'title') to execute arbitrary JavaScript. The vulnerability arises from insufficient input sanitization in the application's saving scripts.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: BlogBird (current version as of 2010)

No auth needed

Prerequisites: Access to the vulnerable BlogBird instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026