EIP-2026-105817

PRE-CVE

chatNow - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105817. PoCs published by HaHwul.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in chatNow: a CSRF vulnerability in 'send_message.php' due to lack of token/referer checks, and a reflected XSS vulnerability in 'login.php' due to improper URL filtering. Both vulnerabilities are proven with functional attack code.

Description

chatNow - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by HaHwul · textwebappsphp

https://www.exploit-db.com/exploits/40293

View Code ZIP pw:eip

The exploit demonstrates two vulnerabilities in chatNow: a CSRF vulnerability in 'send_message.php' due to lack of token/referer checks, and a reflected XSS vulnerability in 'login.php' due to improper URL filtering. Both vulnerabilities are proven with functional attack code.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: chatNow (latest commit as of 2016-08-23)

No auth needed

Prerequisites: Victim interaction for XSS (clicking a link or visiting a crafted URL) · For CSRF, victim must be authenticated in the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026