EIP-2026-106855

PRE-CVE

Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106855. PoCs published by Ragavender A G.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Employee Daily Task Management System 1.0 by injecting malicious JavaScript via the 'Name' field in the department creation form. The payload triggers when the page is refreshed, executing arbitrary JavaScript in the context of the admin user.

Description

Employee Daily Task Management System 1.0 - 'Name' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Ragavender A G · textwebappsphp

https://www.exploit-db.com/exploits/50506

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Employee Daily Task Management System 1.0 by injecting malicious JavaScript via the 'Name' field in the department creation form. The payload triggers when the page is refreshed, executing arbitrary JavaScript in the context of the admin user.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Employee Daily Task Management System 1.0

Auth required

Prerequisites: Access to the admin panel · Valid session cookie

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026