EIP-2026-105977

PRE-CVE

CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105977. PoCs published by the_cyber_nuxbie.

AI-analyzed exploit summary The exploit demonstrates multiple reflected XSS vulnerabilities in CMS Lokomedia 1.5 by injecting malicious scripts via the 'halaman' parameter in various modules. The PoC URLs trigger arbitrary JavaScript execution in the context of the affected browser.

Description

CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by the_cyber_nuxbie · textwebappsphp

https://www.exploit-db.com/exploits/37445

View Code ZIP pw:eip

The exploit demonstrates multiple reflected XSS vulnerabilities in CMS Lokomedia 1.5 by injecting malicious scripts via the 'halaman' parameter in various modules. The PoC URLs trigger arbitrary JavaScript execution in the context of the affected browser.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CMS Lokomedia 1.5

No auth needed

Prerequisites: Access to the target URL with the vulnerable parameter

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026