EIP-2026-106280

PRE-CVE

Curverider Elgg 1.0 - Templates HTML Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106280. PoCs published by lorddemon.

AI-analyzed exploit summary This is a functional HTML injection exploit for Elgg 1.0, leveraging improper input sanitization to execute arbitrary HTML and script code in the context of the affected browser. The exploit requires the attacker to be an authenticated user and targets the user details update functionality.

Description

Curverider Elgg 1.0 - Templates HTML Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by lorddemon · htmlwebappsphp

https://www.exploit-db.com/exploits/34825

View Code ZIP pw:eip

This is a functional HTML injection exploit for Elgg 1.0, leveraging improper input sanitization to execute arbitrary HTML and script code in the context of the affected browser. The exploit requires the attacker to be an authenticated user and targets the user details update functionality.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Elgg 1.0

Auth required

Prerequisites: Authenticated user access

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026