EIP-2026-105959

PRE-CVE

CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105959. PoCs published by TheCyberNuxbie.

AI-analyzed exploit summary The exploit demonstrates XSS vulnerabilities in CMS Balitbang by injecting malicious scripts via unsanitized input parameters in the 'id' and 'nip' fields. The provided URLs show how attacker-supplied JavaScript can execute in the context of the affected browser.

Description

CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED
by TheCyberNuxbie · textwebappsphp
https://www.exploit-db.com/exploits/37430

The exploit demonstrates XSS vulnerabilities in CMS Balitbang by injecting malicious scripts via unsanitized input parameters in the 'id' and 'nip' fields. The provided URLs show how attacker-supplied JavaScript can execute in the context of the affected browser.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: CMS Balitbang 3.5
No auth needed
Prerequisites: Access to the vulnerable CMS Balitbang instance
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026