EIP-2026-109031

PRE-CVE

KnowledgeTree 3.5.2 Community Edition - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109031. PoCs published by fdiskyou.

AI-analyzed exploit summary: This exploit demonstrates a persistent XSS vulnerability in KnowledgeTree 3.5.2 Community Edition. The attacker can inject malicious JavaScript code via the search box, which is then saved and executed when other users load the saved searches.

Description

KnowledgeTree 3.5.2 Community Edition - Persistent Cross-Site Scripting

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by fdiskyou · text · webapps · php
https://www.exploit-db.com/exploits/14622


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: KnowledgeTree 3.5.2 Community Edition
Auth required
Prerequisites: Access to the search functionality in KnowledgeTree · Ability to save searches
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026