EIP-2026-107543

PRE-CVE

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107543. PoCs published by CraCkEr.

AI-analyzed exploit summary The exploit demonstrates stored and reflected XSS vulnerabilities in GZ Forum Script 1.8. It includes specific payloads and HTTP requests to trigger XSS via the 'catid', 'topicid', 'free_name', 'topic', and 'topic_message' parameters.

Description

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/51559

View Code ZIP pw:eip

The exploit demonstrates stored and reflected XSS vulnerabilities in GZ Forum Script 1.8. It includes specific payloads and HTTP requests to trigger XSS via the 'catid', 'topicid', 'free_name', 'topic', and 'topic_message' parameters.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: GZ Forum Script 1.8

No auth needed

Prerequisites: Access to the forum's 'New Topic' feature

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026