EIP-2026-106854

PRE-CVE

Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106854. PoCs published by İlhami Selamet.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Employee and Visitor Gate Pass Logging System 1.0. The payload is injected via the 'name' field in the department creation form, which executes when users navigate to the 'Department List' page.

Description

Employee and Visitor Gate Pass Logging System 1.0 - 'name' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by İlhami Selamet · textwebappsphp

https://www.exploit-db.com/exploits/50507

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Employee and Visitor Gate Pass Logging System 1.0. The payload is injected via the 'name' field in the department creation form, which executes when users navigate to the 'Department List' page.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Employee and Visitor Gate Pass Logging System v1.0

Auth required

Prerequisites: Admin access to the application · Ability to create a new department

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026