EIP-2026-109197

PRE-CVE

Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109197. PoCs published by Tushar Vaidya.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Local Services Search Engine Management System (LSSMES) 1.0. The payload is injected via the 'name' and 'address' fields in the admin panel, which is then rendered in multiple pages without proper sanitization.

Description

Local Services Search Engine Management System (LSSMES) 1.0 - 'name' Persistent Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Tushar Vaidya · textwebappsphp

https://www.exploit-db.com/exploits/49609

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in Local Services Search Engine Management System (LSSMES) 1.0. The payload is injected via the 'name' and 'address' fields in the admin panel, which is then rendered in multiple pages without proper sanitization.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Local Services Search Engine Management System (LSSMES) v1.0

Auth required

Prerequisites: Admin credentials · Access to the admin panel

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026