EIP-2026-106222
PRE-CVEcPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-106222. PoCs published by Aria-Security Team.
AI-analyzed exploit summary This is a writeup describing multiple XSS vulnerabilities in Web Hosting Manager 3.1.0. It provides example URLs demonstrating how unsanitized input can lead to arbitrary script execution in a user's browser context.
Description
cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Aria-Security Team · textwebappsphp
https://www.exploit-db.com/exploits/29238
This is a writeup describing multiple XSS vulnerabilities in Web Hosting Manager 3.1.0. It provides example URLs demonstrating how unsanitized input can lead to arbitrary script execution in a user's browser context.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Web Hosting Manager 3.1.0
Auth required
Prerequisites:
Authenticated access to the affected application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026