EIP-2026-105820

PRE-CVE

ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105820. PoCs published by boku.

AI-analyzed exploit summary This exploit demonstrates an authenticated persistent XSS vulnerability in ChemInv 1.0. The vulnerability arises from insufficient sanitization of user input in the project name field, allowing malicious JavaScript to be stored in the database and executed when other users view the 'Projects' or 'Add Chemicals' tab.

Description

ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by boku · textwebappsphp

https://www.exploit-db.com/exploits/48401

View Code ZIP pw:eip

This exploit demonstrates an authenticated persistent XSS vulnerability in ChemInv 1.0. The vulnerability arises from insufficient sanitization of user input in the project name field, allowing malicious JavaScript to be stored in the database and executed when other users view the 'Projects' or 'Add Chemicals' tab.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ChemInv 1.0

Auth required

Prerequisites: Authenticated access to the ChemInv application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026