EIP-2026-105720

PRE-CVE

Car Rental Script 1.8 - Stored Cross-site scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105720. PoCs published by CraCkEr.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Car Rental Script 1.8, where multiple POST parameters are vulnerable to XSS payload injection. The payloads are stored and executed when an admin views the dashboard or bookings.

Description

Car Rental Script 1.8 - Stored Cross-site scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/51567

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Car Rental Script 1.8, where multiple POST parameters are vulnerable to XSS payload injection. The payloads are stored and executed when an admin views the dashboard or bookings.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Car Rental Script 1.8

No auth needed

Prerequisites: Access to the booking form · Admin interaction to trigger payload

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026