EIP-2026-106705
PRE-CVEEasy!Appointments 1.2.1 - Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-106705. PoCs published by LiquidWorm.
AI-analyzed exploit summary The exploit demonstrates multiple stored and reflected XSS vulnerabilities in Easy!Appointments v1.2.1 by injecting malicious scripts via POST and GET parameters. The PoC includes HTML forms with crafted inputs that trigger XSS when processed by the application.
Description
Easy!Appointments 1.2.1 - Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/43399
The exploit demonstrates multiple stored and reflected XSS vulnerabilities in Easy!Appointments v1.2.1 by injecting malicious scripts via POST and GET parameters. The PoC includes HTML forms with crafted inputs that trigger XSS when processed by the application.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Easy!Appointments v1.2.1
No auth needed
Prerequisites:
Access to the target application · Ability to submit crafted POST/GET requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026