EIP-2026-111232
PRE-CVEphpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-111232. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary This exploit demonstrates multiple reflected XSS vulnerabilities in phpVideoPro 0.9.7 due to improper input sanitization. The PoC includes crafted URLs that inject arbitrary JavaScript, potentially allowing cookie theft or other client-side attacks.
Description
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Schurtz · textwebappsphp
https://www.exploit-db.com/exploits/36567
This exploit demonstrates multiple reflected XSS vulnerabilities in phpVideoPro 0.9.7 due to improper input sanitization. The PoC includes crafted URLs that inject arbitrary JavaScript, potentially allowing cookie theft or other client-side attacks.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
phpVideoPro 0.9.7
No auth needed
Prerequisites:
Access to the target application · User interaction to trigger the XSS
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026