EIP-2026-107673

PRE-CVE

Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107673. PoCs published by Reza Afsahi.

AI-analyzed exploit summary: This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in Human Resource Information System 0.1. An authenticated assistant can inject malicious JavaScript into the 'First Name' field, which executes when viewed by other users, including the Super Admin.

Description

Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated)

Exploits (1)

exploitdb WORKING POC
by Reza Afsahi · text · webapps · php
https://www.exploit-db.com/exploits/49854


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Human Resource Information System 0.1
Auth required
Prerequisites: Authenticated access as an assistant · Access to the Add Employee page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026