EIP-2026-111262
PRE-CVE
Phreebooks 2.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-111262. PoCs published by Gustavo Sorondo.
AI-analyzed exploit summary: The advisory describes multiple permanent XSS vulnerabilities in Phreebooks v2.0 due to insufficient input sanitization. It outlines how authenticated users can exploit these flaws by modifying Vendors, Customers, Employees, or Inventory items.
Description
Phreebooks 2.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Gustavo Sorondo · text · webapps · php
https://www.exploit-db.com/exploits/13776
Classification
Writeup 90%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target:
Phreebooks v2.0
Auth required
Prerequisites:
Authenticated access to Phreebooks v2.0 · Ability to add/modify Vendors, Customers, Employees, or Inventory items
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026