EIP-2026-109038

The exploit demonstrates multiple XSS vulnerabilities in kooora v3.0 AR by injecting malicious scripts into various URL parameters. The PoC includes crafted URLs that trigger JavaScript alerts, confirming the presence of reflected XSS flaws.