EIP-2026-108176
PRE-CVEJoomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-108176. PoCs published by Jeff Channell.
AI-analyzed exploit summary This writeup describes an XSS bypass vulnerability in Joomla! 1.5.22 and 1.6.0 due to improper sanitization in the JFilterInput class. The provided malformed HTML string bypasses the filter, allowing arbitrary JavaScript execution.
Description
Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Jeff Channell · textwebappsphp
https://www.exploit-db.com/exploits/16091
This writeup describes an XSS bypass vulnerability in Joomla! 1.5.22 and 1.6.0 due to improper sanitization in the JFilterInput class. The provided malformed HTML string bypasses the filter, allowing arbitrary JavaScript execution.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Joomla! 1.5.22, 1.6.0
Auth required
Prerequisites:
User input field that relies on JFilterInput for sanitization · For Joomla! 1.6, the 'Profile' user plugin must be enabled
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026