EIP-2026-106492
PRE-CVEDocMGR 1.1.2 - 'history.php' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-106492. PoCs published by AutoSec Tools.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in DocMGR 1.1.2 by injecting arbitrary JavaScript code via the 'f' parameter in the history.php page. The payload closes the existing script context and executes an alert dialog.
Description
DocMGR 1.1.2 - 'history.php' Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by AutoSec Tools · textwebappsphp
https://www.exploit-db.com/exploits/35755
This exploit demonstrates a cross-site scripting (XSS) vulnerability in DocMGR 1.1.2 by injecting arbitrary JavaScript code via the 'f' parameter in the history.php page. The payload closes the existing script context and executes an alert dialog.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
DocMGR 1.1.2
No auth needed
Prerequisites:
Access to the vulnerable DocMGR instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026