EIP-2026-105580
PRE-CVEBoltWire 3.4.16 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105580. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in BoltWire by injecting malicious scripts via URL parameters. The PoC shows how unsanitized input in the 'help', 'action', and other parameters can execute arbitrary JavaScript.
Description
BoltWire 3.4.16 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Schurtz · textwebappsphp
https://www.exploit-db.com/exploits/36552
This exploit demonstrates multiple XSS vulnerabilities in BoltWire by injecting malicious scripts via URL parameters. The PoC shows how unsanitized input in the 'help', 'action', and other parameters can execute arbitrary JavaScript.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
BoltWire 3.4.16
No auth needed
Prerequisites:
Access to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026