EIP-2026-111049

PRE-CVE

PHPfileNavigator 2.3.3 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111049. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit details persistent and reflected XSS vulnerabilities in PHPfileNavigator v2.3.3. It describes how to inject malicious payloads into user profile fields and bypass basic filtering using event-based vectors like <DIV onMouseMove>. No executable code is provided, only URLs and descriptions.

Description

PHPfileNavigator 2.3.3 - Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/37817

View Code ZIP pw:eip

The exploit details persistent and reflected XSS vulnerabilities in PHPfileNavigator v2.3.3. It describes how to inject malicious payloads into user profile fields and bypass basic filtering using event-based vectors like <DIV onMouseMove>. No executable code is provided, only URLs and descriptions.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PHPfileNavigator v2.3.3

Auth required

Prerequisites: Access to the 'Modify User' form or ability to craft malicious URLs · Victim interaction for reflected XSS

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026