EIP-2026-107230

PRE-CVE

FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107230. PoCs published by db.pub.mail.

AI-analyzed exploit summary This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in FreeNAS 0.7.2.5543 by injecting malicious script tags into URL parameters. The PoC shows how unsanitized input in the 'lang' and 'order' parameters can execute arbitrary JavaScript in the context of the affected site.

Description

FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by db.pub.mail · textwebappsphp

https://www.exploit-db.com/exploits/35124

View Code ZIP pw:eip

This exploit demonstrates multiple cross-site scripting (XSS) vulnerabilities in FreeNAS 0.7.2.5543 by injecting malicious script tags into URL parameters. The PoC shows how unsanitized input in the 'lang' and 'order' parameters can execute arbitrary JavaScript in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FreeNAS 0.7.2.5543

No auth needed

Prerequisites: Access to a vulnerable FreeNAS instance · User interaction to visit crafted URLs

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026