EIP-2026-110224

PRE-CVE

Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110224. PoCs published by Moudi.

AI-analyzed exploit summary This exploit demonstrates multiple reflected XSS vulnerabilities in Open Classifieds due to insufficient input sanitization. The PoC includes crafted URLs that inject arbitrary JavaScript code via script tags, leveraging line feed and carriage return encoding to bypass basic filters.

Description

Open Classifieds - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/34655

View Code ZIP pw:eip

This exploit demonstrates multiple reflected XSS vulnerabilities in Open Classifieds due to insufficient input sanitization. The PoC includes crafted URLs that inject arbitrary JavaScript code via script tags, leveraging line feed and carriage return encoding to bypass basic filters.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Open Classifieds (version unspecified)

No auth needed

Prerequisites: Access to the target application · Victim interaction (clicking malicious links)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026