EIP-2026-106418

PRE-CVE

Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106418. PoCs published by Reza Afsahi.

AI-analyzed exploit summary This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in the Dental Clinic Appointment Reservation System 1.0. The vulnerability allows an authenticated member to inject malicious JavaScript payloads into the 'Firstname' field, which are executed when viewed by other users, including administrators.

Description

Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated)

Exploits (1)

exploitdb WORKING POC

by Reza Afsahi · textwebappsphp

https://www.exploit-db.com/exploits/49870

View Code ZIP pw:eip

This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in the Dental Clinic Appointment Reservation System 1.0. The vulnerability allows an authenticated member to inject malicious JavaScript payloads into the 'Firstname' field, which are executed when viewed by other users, including administrators.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Dental Clinic Appointment Reservation System 1.0

Auth required

Prerequisites: Authenticated user account · Access to the edit_info.php page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026