EIP-2026-109593

PRE-CVE

Mouse Media Script 1.6 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109593. PoCs published by Halil Dalabasmaz.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Mouse Media Script v1.6, where an attacker can inject malicious JavaScript via the 'Title' or 'Description' fields during image upload. The payload executes when other users visit the homepage, stealing cookies or performing other malicious actions.

Description

Mouse Media Script 1.6 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Halil Dalabasmaz · textwebappsphp

https://www.exploit-db.com/exploits/35160

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Mouse Media Script v1.6, where an attacker can inject malicious JavaScript via the 'Title' or 'Description' fields during image upload. The payload executes when other users visit the homepage, stealing cookies or performing other malicious actions.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Mouse Media Script v1.6

Auth required

Prerequisites: Valid user credentials to upload an image · Access to the image upload functionality

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026