EIP-2026-107647

PRE-CVE

Hotel Booking Portal 0.1 - Multiple SQL Injections / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107647. PoCs published by Yakir Wizman.

AI-analyzed exploit summary The exploit demonstrates XSS vulnerabilities in Hotel Booking Portal 0.1 by injecting malicious scripts into URL parameters. The provided URLs show how an attacker can execute arbitrary JavaScript, potentially stealing cookies or compromising the application.

Description

Hotel Booking Portal 0.1 - Multiple SQL Injections / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yakir Wizman · textwebappsphp

https://www.exploit-db.com/exploits/37630

View Code ZIP pw:eip

The exploit demonstrates XSS vulnerabilities in Hotel Booking Portal 0.1 by injecting malicious scripts into URL parameters. The provided URLs show how an attacker can execute arbitrary JavaScript, potentially stealing cookies or compromising the application.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Hotel Booking Portal 0.1

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026