EIP-2026-106928

PRE-CVE

event Calendar - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106928. PoCs published by Janek Vind.

AI-analyzed exploit summary The provided text describes multiple input validation vulnerabilities in Event Calendar, including XSS, HTML injection, and SQL injection. It includes example URIs demonstrating exploitation vectors but lacks executable exploit code.

Description

event Calendar - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Janek Vind · textwebappsphp

https://www.exploit-db.com/exploits/24748

View Code ZIP pw:eip

The provided text describes multiple input validation vulnerabilities in Event Calendar, including XSS, HTML injection, and SQL injection. It includes example URIs demonstrating exploitation vectors but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Sqli | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Event Calendar (NukeCalendar module)

No auth needed

Prerequisites: Access to the target application · Victim interaction for XSS

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026