EIP-2026-105992

PRE-CVE

CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105992. PoCs published by Netsparker.

AI-analyzed exploit summary The exploit demonstrates a reflected XSS vulnerability in CMS Mini 0.2.2 by injecting malicious JavaScript via the 'path' parameter. The payload bypasses input sanitization and executes arbitrary script code in the context of the affected site.

Description

CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Netsparker · textwebappsphp

https://www.exploit-db.com/exploits/37968

View Code ZIP pw:eip

The exploit demonstrates a reflected XSS vulnerability in CMS Mini 0.2.2 by injecting malicious JavaScript via the 'path' parameter. The payload bypasses input sanitization and executes arbitrary script code in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CMS Mini 0.2.2

No auth needed

Prerequisites: Victim must visit the crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026