Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-110962. PoCs published by keupon_ps2.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in phpBB's BBCode parsing, allowing arbitrary JavaScript execution via malformed URL tags. The PoC shows how an attacker can inject malicious scripts into posts or messages due to insufficient sanitization.
Description
phpBB 2.0.6 - URL BBCode HTML Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by keupon_ps2 · textwebappsphp
https://www.exploit-db.com/exploits/23125
This exploit demonstrates an HTML injection vulnerability in phpBB's BBCode parsing, allowing arbitrary JavaScript execution via malformed URL tags. The PoC shows how an attacker can inject malicious scripts into posts or messages due to insufficient sanitization.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
phpBB (version not specified)
No auth needed
Prerequisites:
Access to a phpBB instance where BBCode is rendered
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026