EIP-2026-110149

PRE-CVE

Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110149. PoCs published by Richard Jones.

AI-analyzed exploit summary This exploit demonstrates multiple stored XSS vulnerabilities in Online News Portal 1.0 by injecting malicious scripts into form fields. The PoC includes HTTP requests targeting admin endpoints for adding/editing customers, suppliers, and products.

Description

Online News Portal 1.0 - 'Multiple' Stored Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Richard Jones · textwebappsphp

https://www.exploit-db.com/exploits/49688

View Code ZIP pw:eip

This exploit demonstrates multiple stored XSS vulnerabilities in Online News Portal 1.0 by injecting malicious scripts into form fields. The PoC includes HTTP requests targeting admin endpoints for adding/editing customers, suppliers, and products.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Online News Portal 1.0

Auth required

Prerequisites: Access to admin panel · Valid session cookie (PHPSESSID)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026