EIP-2026-105979

PRE-CVE

CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105979. PoCs published by Blessen Thomas.

AI-analyzed exploit summary This exploit demonstrates stored and reflected XSS vulnerabilities in CMS Made Simple 1.11.10. The stored XSS occurs via the 'search' parameter, while the reflected XSS is triggered through the 'email address' field in the admin portal.

Description

CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Blessen Thomas · textwebappsphp

https://www.exploit-db.com/exploits/32668

View Code ZIP pw:eip

This exploit demonstrates stored and reflected XSS vulnerabilities in CMS Made Simple 1.11.10. The stored XSS occurs via the 'search' parameter, while the reflected XSS is triggered through the 'email address' field in the admin portal.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CMS Made Simple 1.11.10

Auth required

Prerequisites: Admin access to the CMS Made Simple portal

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026