EIP-2026-106595

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106595. PoCs published by Justin Klein Keane.

AI-analyzed exploit summary The document describes multiple vulnerabilities in Drupal modules (Embedded Media Field, Media: Video Flotsam, and Media: Audio Flotsam), including HTML injection and arbitrary file upload. It provides step-by-step instructions to reproduce XSS via crafted input fields and malicious file uploads.

Description

Drupal Module Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Justin Klein Keane · textwebappsphp

https://www.exploit-db.com/exploits/35072

View Code ZIP pw:eip

The document describes multiple vulnerabilities in Drupal modules (Embedded Media Field, Media: Video Flotsam, and Media: Audio Flotsam), including HTML injection and arbitrary file upload. It provides step-by-step instructions to reproduce XSS via crafted input fields and malicious file uploads.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Drupal 6.x (Embedded Media Field module < 6.x-1.26, Media: Video Flotsam < 6.x-1.2, Media: Audio Flotsam < 6.x-1.1)

Auth required

Prerequisites: Drupal 6.x installation · CCK module · Vulnerable Embedded Media Field module · Admin access to configure content types

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Drupal Module Embedded Media Field/Media 6.x : Video Flotsam/Media: Audio Flotsam - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details