EIP-2026-106399

PRE-CVE

DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106399. PoCs published by Vulnerability Research Laboratory.

AI-analyzed exploit summary This is a proof-of-concept for multiple persistent XSS vulnerabilities in DedeCMS v5.7 SP2. The exploit demonstrates how malicious script codes can be injected via various parameters in multiple files, leading to session hijacking or phishing attacks.

Description

DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Vulnerability Research Laboratory · textwebappsphp

https://www.exploit-db.com/exploits/48326

View Code ZIP pw:eip

This is a proof-of-concept for multiple persistent XSS vulnerabilities in DedeCMS v5.7 SP2. The exploit demonstrates how malicious script codes can be injected via various parameters in multiple files, leading to session hijacking or phishing attacks.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: DedeCMS v5.7 SP2

Auth required

Prerequisites: Privileged user account (user/moderator) · Access to vulnerable parameters in DedeCMS

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026