EIP-2026-107957

PRE-CVE

iScripts EasyBiller - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107957. PoCs published by Sangteamtham.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in iScripts EasyBiller by injecting JavaScript payloads into user profile fields such as 'First Name' and 'Title'. The payload triggers an alert dialog when the profile is viewed, confirming the XSS vulnerability.

Description

iScripts EasyBiller - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sangteamtham · textwebappsphp

https://www.exploit-db.com/exploits/14165

View Code ZIP pw:eip

This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in iScripts EasyBiller by injecting JavaScript payloads into user profile fields such as 'First Name' and 'Title'. The payload triggers an alert dialog when the profile is viewed, confirming the XSS vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: iScripts EasyBiller

Auth required

Prerequisites: Valid user credentials to access the profile edit page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026