EIP-2026-109444

PRE-CVE

Micro CMS 1.0 - 'name' HTML Injection (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109444. PoCs published by SecPod Research.

AI-analyzed exploit summary The provided code demonstrates an HTML injection vulnerability in Micro CMS 1.0 beta 1. It includes multiple script tags that trigger an alert, confirming the XSS vulnerability by executing arbitrary JavaScript in the context of the affected browser.

Description

Micro CMS 1.0 - 'name' HTML Injection (2)

Exploits (1)

exploitdb WORKING POC VERIFIED

by SecPod Research · textwebappsphp

https://www.exploit-db.com/exploits/34891

View Code ZIP pw:eip

The provided code demonstrates an HTML injection vulnerability in Micro CMS 1.0 beta 1. It includes multiple script tags that trigger an alert, confirming the XSS vulnerability by executing arbitrary JavaScript in the context of the affected browser.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Micro CMS 1.0 beta 1

No auth needed

Prerequisites: Access to a vulnerable Micro CMS instance · Ability to inject malicious input into the application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026