EIP-2026-105528
PRE-CVEBlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105528. PoCs published by Richard Brain.
AI-analyzed exploit summary The exploit demonstrates multiple XSS vulnerabilities in BlogCFC by injecting arbitrary JavaScript code via unsanitized user input in various URL parameters. The PoC includes multiple attack vectors targeting different endpoints.
Description
BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Richard Brain · textwebappsphp
https://www.exploit-db.com/exploits/35110
The exploit demonstrates multiple XSS vulnerabilities in BlogCFC by injecting arbitrary JavaScript code via unsanitized user input in various URL parameters. The PoC includes multiple attack vectors targeting different endpoints.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
BlogCFC 5.9.6.001
No auth needed
Prerequisites:
Access to the target application's URLs
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026