EIP-2026-110514
PRE-CVEPBLang 4.0/4.56 Bulletin Board System - IMG Tag HTML Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110514. PoCs published by Quan Van Truong.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in PBLang, allowing an attacker to inject malicious JavaScript code within PBLang tags. The provided payload steals user cookies by opening a new window to a malicious URL.
Description
PBLang 4.0/4.56 Bulletin Board System - IMG Tag HTML Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Quan Van Truong · textwebappsphp
https://www.exploit-db.com/exploits/22960
This exploit demonstrates an HTML injection vulnerability in PBLang, allowing an attacker to inject malicious JavaScript code within PBLang tags. The provided payload steals user cookies by opening a new window to a malicious URL.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
PBLang (version unspecified)
No auth needed
Prerequisites:
Access to a PBLang bulletin board with vulnerable input handling
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026