EIP-2026-107662

PRE-CVE

HPSystem Management Homepage (SMH) 2.1.12 - 'message.php' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107662. PoCs published by Luca Carettoni.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) with three example attack vectors. It references an incomplete fix for prior vulnerabilities but does not include executable exploit code.

Description

HPSystem Management Homepage (SMH) 2.1.12 - 'message.php' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luca Carettoni · textwebappsphp

https://www.exploit-db.com/exploits/32298

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) with three example attack vectors. It references an incomplete fix for prior vulnerabilities but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: HP System Management Homepage (SMH)

No auth needed

Prerequisites: Access to a vulnerable HP SMH instance · Ability to craft malicious URLs

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026