EIP-2026-108744
PRE-CVEJoomla! Component JoomlaXi - Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-108744. PoCs published by Karthik R.
AI-analyzed exploit summary This is a technical writeup describing a persistent XSS vulnerability in JoomlaXi's Event module. The exploit involves injecting malicious JavaScript via an IFRAME tag in input fields, which executes when the event is viewed.
Description
Joomla! Component JoomlaXi - Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
by Karthik R · textwebappsphp
https://www.exploit-db.com/exploits/17452
This is a technical writeup describing a persistent XSS vulnerability in JoomlaXi's Event module. The exploit involves injecting malicious JavaScript via an IFRAME tag in input fields, which executes when the event is viewed.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
JoomlaXi Event module (version unspecified)
Auth required
Prerequisites:
Access to the Event module input fields · Ability to save the event
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026