EIP-2026-110514

PRE-CVE

PBLang 4.0/4.56 Bulletin Board System - IMG Tag HTML Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110514. PoCs published by Quan Van Truong.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in PBLang, allowing an attacker to inject malicious JavaScript code within PBLang tags. The provided payload steals user cookies by opening a new window to a malicious URL.

Description

PBLang 4.0/4.56 Bulletin Board System - IMG Tag HTML Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by Quan Van Truong · textwebappsphp
https://www.exploit-db.com/exploits/22960

This exploit demonstrates an HTML injection vulnerability in PBLang, allowing an attacker to inject malicious JavaScript code within PBLang tags. The provided payload steals user cookies by opening a new window to a malicious URL.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PBLang (version unspecified)
No auth needed
Prerequisites: Access to a PBLang bulletin board with vulnerable input handling
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026