EIP-2026-106200

PRE-CVE

COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106200. PoCs published by BHAVESH KAUL.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in COVID19 Testing Management System 1.0, where insufficient sanitization of the 'State' parameter allows arbitrary JavaScript execution when viewed in the dashboard.

Description

COVID19 Testing Management System 1.0 - 'State' Stored Cross-Site-Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by BHAVESH KAUL · textwebappsphp

https://www.exploit-db.com/exploits/49993

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in COVID19 Testing Management System 1.0, where insufficient sanitization of the 'State' parameter allows arbitrary JavaScript execution when viewed in the dashboard.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: COVID19 Testing Management System 1.0

No auth needed

Prerequisites: Access to the registration page · Ability to submit a new user form

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026