EIP-2026-108798

PRE-CVE

Joomla! Component MS Comment 0.8.0b - Security Bypass / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108798. PoCs published by Jeff Channell.

AI-analyzed exploit summary The provided text describes a security-bypass vulnerability in the MS Comment component for Joomla! due to improper input sanitization and CAPTCHA reset failure, leading to XSS attacks. Example payloads for XSS exploitation are included.

Description

Joomla! Component MS Comment 0.8.0b - Security Bypass / Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jeff Channell · textwebappsphp

https://www.exploit-db.com/exploits/33646

View Code ZIP pw:eip

The provided text describes a security-bypass vulnerability in the MS Comment component for Joomla! due to improper input sanitization and CAPTCHA reset failure, leading to XSS attacks. Example payloads for XSS exploitation are included.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: MS Comment component for Joomla! 0.8.0b

No auth needed

Prerequisites: Access to a vulnerable Joomla! instance with MS Comment component

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026