EIP-2026-105569
PRE-CVEBMForum 3.0 - 'topic.php' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105569. PoCs published by Lostmon.
AI-analyzed exploit summary The provided text describes multiple XSS vulnerabilities in BMForum due to insufficient input sanitization. It includes example URLs demonstrating how arbitrary script code can be injected via the 'forumid', 'filename', and 'page' parameters.
Description
BMForum 3.0 - 'topic.php' Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Lostmon · textwebappsphp
https://www.exploit-db.com/exploits/26039
The provided text describes multiple XSS vulnerabilities in BMForum due to insufficient input sanitization. It includes example URLs demonstrating how arbitrary script code can be injected via the 'forumid', 'filename', and 'page' parameters.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
BMForum (version not specified)
No auth needed
Prerequisites:
Access to the vulnerable BMForum application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026