EIP-2026-105915

PRE-CVE

Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105915. PoCs published by Mohammad Koochaki.

AI-analyzed exploit summary This exploit demonstrates a stored and reflected XSS vulnerability in Client Management System 1.1. The PoC includes HTTP requests with malicious payloads that trigger JavaScript execution in the context of the victim's browser.

Description

Client Management System 1.1 - 'cname' Stored Cross-site scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Mohammad Koochaki · textwebappsphp

https://www.exploit-db.com/exploits/50177

View Code ZIP pw:eip

This exploit demonstrates a stored and reflected XSS vulnerability in Client Management System 1.1. The PoC includes HTTP requests with malicious payloads that trigger JavaScript execution in the context of the victim's browser.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Client Management System 1.1

Auth required

Prerequisites: Access to the admin or client interface · Valid session cookie (PHPSESSID)

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026