EIP-2026-107396

PRE-CVE

Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107396. PoCs published by Jeroen - IT Nerdbox.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in etSimple CMS v3.3.1, where the 'name' and 'permalink' parameters in the admin settings interface fail to sanitize input, allowing malicious scripts to be stored in the XML file.

Description

Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeroen - IT Nerdbox · textwebappsphp

https://www.exploit-db.com/exploits/32502

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in etSimple CMS v3.3.1, where the 'name' and 'permalink' parameters in the admin settings interface fail to sanitize input, allowing malicious scripts to be stored in the XML file.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: etSimple CMS v3.3.1

Auth required

Prerequisites: Access to the administrative interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026