EIP-2026-109352

PRE-CVE

Max's Guestbook - HTML Injection / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109352. PoCs published by MiND C0re.

AI-analyzed exploit summary This exploit demonstrates XSS and HTML injection vulnerabilities in Max's Guestbook 1.0. The PoC shows how an attacker can inject malicious scripts or HTML meta tags into the 'Name' field of a guestbook comment to redirect users or execute arbitrary JavaScript.

Description

Max's Guestbook - HTML Injection / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by MiND C0re · textwebappsphp

https://www.exploit-db.com/exploits/14834

View Code ZIP pw:eip

This exploit demonstrates XSS and HTML injection vulnerabilities in Max's Guestbook 1.0. The PoC shows how an attacker can inject malicious scripts or HTML meta tags into the 'Name' field of a guestbook comment to redirect users or execute arbitrary JavaScript.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Max's Guestbook 1.0

No auth needed

Prerequisites: Access to the guestbook comment submission form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026