EIP-2026-107483

PRE-CVE

Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107483. PoCs published by Ahsan Tahir.

AI-analyzed exploit summary This is a proof-of-concept for a persistent XSS vulnerability in GravCMS Admin Plugin v1.4.2. The exploit demonstrates how an admin or editor account can inject malicious JavaScript into page content, which executes when viewed by other users.

Description

Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Ahsan Tahir · textwebappsphp

https://www.exploit-db.com/exploits/42131

View Code ZIP pw:eip

This is a proof-of-concept for a persistent XSS vulnerability in GravCMS Admin Plugin v1.4.2. The exploit demonstrates how an admin or editor account can inject malicious JavaScript into page content, which executes when viewed by other users.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: GravCMS Admin Plugin v1.4.2

Auth required

Prerequisites: Admin or editor account credentials · Access to the GravCMS admin panel

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026