EIP-2026-106961
PRE-CVEExplay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-106961. PoCs published by hodik.
AI-analyzed exploit summary The document describes two vulnerabilities in Explay CMS <= 2.1: a persistent XSS due to inadequate input filtering and a CSRF vulnerability allowing privilege escalation. It provides specific attack vectors but lacks functional exploit code.
Description
Explay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by hodik · textwebappsphp
https://www.exploit-db.com/exploits/6495
The document describes two vulnerabilities in Explay CMS <= 2.1: a persistent XSS due to inadequate input filtering and a CSRF vulnerability allowing privilege escalation. It provides specific attack vectors but lacks functional exploit code.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Explay CMS <= 2.1
Auth required
Prerequisites:
User authentication for XSS · Admin session for CSRF
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026