EIP-2026-111089

PRE-CVE

PHPJabbers Job Listing Script - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111089. PoCs published by HackXBack.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Job Listing Script, including CSRF for admin credential changes and XSS in categories, types, and countries. The PoC includes functional HTML forms that trigger these vulnerabilities when loaded.

Description

PHPJabbers Job Listing Script - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by HackXBack · textwebappsphp

https://www.exploit-db.com/exploits/30910

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Job Listing Script, including CSRF for admin credential changes and XSS in categories, types, and countries. The PoC includes functional HTML forms that trigger these vulnerabilities when loaded.

Classification

Working Poc 95%

Attack Type

Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Job Listing Script (PHPJabbers)

No auth needed

Prerequisites: Victim must visit a malicious page or be tricked into submitting a crafted form

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026