EIP-2026-106287

PRE-CVE

Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106287. PoCs published by Vani K G.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Customer Relationship Management (CRM) System 1.0. The vulnerability allows an attacker to inject malicious scripts into the 'Category' input field, which triggers when users access the affected page.

Description

Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting

Exploits (1)

exploitdb WRITEUP

by Vani K G · textwebappsphp

https://www.exploit-db.com/exploits/49868

View Code ZIP pw:eip

This is a writeup describing a stored XSS vulnerability in Customer Relationship Management (CRM) System 1.0. The vulnerability allows an attacker to inject malicious scripts into the 'Category' input field, which triggers when users access the affected page.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Customer Relationship Management (CRM) System 1.0

Auth required

Prerequisites: Access to admin dashboard · Valid admin credentials

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026