EIP-2026-107323

PRE-CVE

G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107323. PoCs published by Valentin.

AI-analyzed exploit summary This is a technical writeup detailing an XSS vulnerability in Guestbook PHP 1.2.8, where user input fields ('Name', 'Vorname', 'Land', 'Message') are not properly sanitized, allowing script execution when entries are viewed by users or admins.

Description

G5 Scripts Guestbook PHP 1.2.8 - Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Valentin · textwebappsphp

https://www.exploit-db.com/exploits/12374

View Code ZIP pw:eip

This is a technical writeup detailing an XSS vulnerability in Guestbook PHP 1.2.8, where user input fields ('Name', 'Vorname', 'Land', 'Message') are not properly sanitized, allowing script execution when entries are viewed by users or admins.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Guestbook PHP 1.2.8

No auth needed

Prerequisites: Access to the guestbook submission form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026