Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-106678. PoCs published by Pete Foster.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in e107 CMS via the class2.php script. It shows how an attacker can inject malicious HTML and script code into form fields, which are rendered in the browser of users viewing the site.
Description
e107 Website System 0.554 - HTML Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Pete Foster · textwebappsphp
https://www.exploit-db.com/exploits/22958
This exploit demonstrates an HTML injection vulnerability in e107 CMS via the class2.php script. It shows how an attacker can inject malicious HTML and script code into form fields, which are rendered in the browser of users viewing the site.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
e107 CMS (version not specified)
No auth needed
Prerequisites:
Access to a form field in e107 CMS that processes user input without proper sanitization
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026