EIP-2026-106824

PRE-CVE

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106824. PoCs published by Nawaf Alkeraithe.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Electricks eCommerce 1.0, where the 'address' field in the user signup form is not sanitized, allowing arbitrary JavaScript execution when viewed in the admin panel.

Description

Electricks eCommerce 1.0 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Nawaf Alkeraithe · textwebappsphp

https://www.exploit-db.com/exploits/45857

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Electricks eCommerce 1.0, where the 'address' field in the user signup form is not sanitized, allowing arbitrary JavaScript execution when viewed in the admin panel.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Electricks eCommerce 1.0

No auth needed

Prerequisites: Access to the user signup page · Admin panel access to view the payload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026