EIP-2026-106291

PRE-CVE

Customer Support System 1.0 - _First Name_ & _Last Name_ Stored XSS

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106291. PoCs published by Saeed Bala Ahmed.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Customer Support System 1.0, where malicious scripts can be injected into the 'First Name' and 'Last Name' fields. The payload executes when the user logs in and accesses the 'Manage Account' page.

Description

Customer Support System 1.0 - _First Name_ & _Last Name_ Stored XSS

Exploits (1)

exploitdb WRITEUP

by Saeed Bala Ahmed · textwebappsphp

https://www.exploit-db.com/exploits/49275

View Code ZIP pw:eip

This is a writeup describing a stored XSS vulnerability in Customer Support System 1.0, where malicious scripts can be injected into the 'First Name' and 'Last Name' fields. The payload executes when the user logs in and accesses the 'Manage Account' page.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Customer Support System 1.0

Auth required

Prerequisites: Valid user credentials · Access to the 'Manage Account' page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026