EIP-2026-109377

PRE-CVE

MCImageManager - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109377. PoCs published by MustLive.

AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in MCImageManager, including XSS and content spoofing via malicious FLV player parameters and XML playlist manipulation. The PoC shows how arbitrary script execution and content manipulation can be achieved through crafted URLs and embedded SWF files.

Description

MCImageManager - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED
by MustLive · text · webapps · php
https://www.exploit-db.com/exploits/38709

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: MCImageManager 3.1.5 and prior
No auth needed
Prerequisites: Access to the target's TinyMCE plugin directory · Ability to host or inject malicious XML/FLV files
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026