EIP-2026-108961

PRE-CVE

Kajona 4.7 - Cross-Site Scripting / Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108961. PoCs published by Curesec Research Team.

AI-analyzed exploit summary The document details multiple XSS and directory traversal vulnerabilities in Kajona CMS 4.7, including proof-of-concept URLs and code snippets. It explains the technical root causes and provides mitigation steps.

Description

Kajona 4.7 - Cross-Site Scripting / Directory Traversal

Exploits (1)

exploitdb WRITEUP

by Curesec Research Team · textwebappsphp

https://www.exploit-db.com/exploits/40395

View Code ZIP pw:eip

The document details multiple XSS and directory traversal vulnerabilities in Kajona CMS 4.7, including proof-of-concept URLs and code snippets. It explains the technical root causes and provides mitigation steps.

Classification

Writeup 100%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Kajona CMS 4.7

No auth needed

Prerequisites: Access to the target Kajona CMS instance

MITRE ATT&CK

T1059.007 - JavaScript T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026