EIP-2026-110869
PRE-CVEPHP-Nuke 8.0 Downloads Module - 'query' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110869. PoCs published by Schap Security.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHP-Nuke 8.0 by injecting a malicious script into the 'query' parameter of the Downloads module. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies or performing other malicious actions.
Description
PHP-Nuke 8.0 Downloads Module - 'query' Cross-Site Scripting
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in PHP-Nuke 8.0 by injecting a malicious script into the 'query' parameter of the Downloads module. The script executes arbitrary JavaScript in the context of the affected site, potentially stealing cookies or performing other malicious actions.