EIP-2026-109619

PRE-CVE

MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109619. PoCs published by LiquidWorm.

AI-analyzed exploit summary The provided code demonstrates multiple stored XSS vulnerabilities in MTP Guestbook 1.0 by injecting malicious scripts via unsanitized input parameters in POST requests to various endpoints.

Description

MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/24545

View Code ZIP pw:eip

The provided code demonstrates multiple stored XSS vulnerabilities in MTP Guestbook 1.0 by injecting malicious scripts via unsanitized input parameters in POST requests to various endpoints.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: MTP Guestbook 1.0

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026