EIP-2026-107941

PRE-CVE

Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107941. PoCs published by Subhadip Nag.

AI-analyzed exploit summary This exploit demonstrates multiple stored XSS vulnerabilities in Invoice System 1.0, where malicious scripts can be injected into various input fields (e.g., System Name, Service Name, Customer Name) and executed when accessed by other users, including admins.

Description

Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Subhadip Nag · textwebappsphp

https://www.exploit-db.com/exploits/50121

View Code ZIP pw:eip

This exploit demonstrates multiple stored XSS vulnerabilities in Invoice System 1.0, where malicious scripts can be injected into various input fields (e.g., System Name, Service Name, Customer Name) and executed when accessed by other users, including admins.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Invoice System 1.0

Auth required

Prerequisites: Admin access to the Invoice System · XAMPP or similar server environment

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026