Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-106541. PoCs published by Dr.NaNo.
AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in Doodle4Gift: a reflected XSS via the 'profile' parameter and an information disclosure flaw exposing user credentials in an XML file. Both are trivial to exploit and require no authentication.
Description
Doodle4Gift - Multiple Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dr.NaNo · textwebappsphp
https://www.exploit-db.com/exploits/31085
The exploit demonstrates two vulnerabilities in Doodle4Gift: a reflected XSS via the 'profile' parameter and an information disclosure flaw exposing user credentials in an XML file. Both are trivial to exploit and require no authentication.
Classification
Working Poc 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Doodle4Gift <= (unspecified version)
No auth needed
Prerequisites:
Access to the target web application
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026