EIP-2026-108772
PRE-CVEJoomla! Component Kunena 3.0.4 - Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-108772. PoCs published by Qoppa.
AI-analyzed exploit summary The exploit demonstrates a persistent XSS vulnerability in Kunena 3.0.4 by injecting malicious JavaScript via the [map] BBCode tag. The vulnerable function in bbcode.php fails to properly sanitize single quotes, allowing arbitrary script execution.
Description
Joomla! Component Kunena 3.0.4 - Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
by Qoppa · textwebappsphp
https://www.exploit-db.com/exploits/32562
The exploit demonstrates a persistent XSS vulnerability in Kunena 3.0.4 by injecting malicious JavaScript via the [map] BBCode tag. The vulnerable function in bbcode.php fails to properly sanitize single quotes, allowing arbitrary script execution.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Kunena 3.0.4
Auth required
Prerequisites:
User authentication to post in the forum
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026