EIP-2026-111305
PRE-CVEPixie 1.0.4 - HTML Injection / Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-111305. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in Pixie CMS by injecting malicious JavaScript into form fields. The PoC submits crafted input to the admin settings page, triggering arbitrary script execution in the context of the affected site.
Description
Pixie 1.0.4 - HTML Injection / Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · htmlwebappsphp
https://www.exploit-db.com/exploits/34338
This exploit demonstrates an XSS vulnerability in Pixie CMS by injecting malicious JavaScript into form fields. The PoC submits crafted input to the admin settings page, triggering arbitrary script execution in the context of the affected site.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Pixie CMS 1.0.4
Auth required
Prerequisites:
Access to admin settings page · Valid session credentials
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026