EIP-2026-107841

This exploit demonstrates multiple XSS vulnerabilities in InfraPower PPS-02-S Q213V1 firmware V2395S, including stored and reflected XSS via various parameters in scripts like SensorDetails.php, FWUpgrade.php, and SNMP.php. The PoC includes HTTP requests with malicious payloads and a PHP source code scan revealing additional vulnerabilities like command injection and header injection.