EIP-2026-110307

PRE-CVE

OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110307. PoCs published by Brendan Coles.

AI-analyzed exploit summary This exploit demonstrates multiple XSS and information disclosure vulnerabilities in Openfiler. The PoC includes URLs with injected JavaScript to steal cookies and endpoints that leak sensitive system information.

Description

OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Brendan Coles · textwebappsphp

https://www.exploit-db.com/exploits/37789

View Code ZIP pw:eip

This exploit demonstrates multiple XSS and information disclosure vulnerabilities in Openfiler. The PoC includes URLs with injected JavaScript to steal cookies and endpoints that leak sensitive system information.

Classification

Working Poc 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Openfiler versions 2.3, 2.99.1, and 2.99.2

No auth needed

Prerequisites: Access to the vulnerable Openfiler web interface

MITRE ATT&CK

T1059.007 - JavaScript T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026