EIP-2026-111396

PRE-CVE

Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111396. PoCs published by Ömer Hasan Durmuş.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Police Crime Record Management System 1.0 by injecting malicious JavaScript payloads into the 'Firstname' or 'Othernames' fields during staff addition. The payload executes when the page is updated, confirming the vulnerability.

Description

Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Ömer Hasan Durmuş · textwebappsphp

https://www.exploit-db.com/exploits/50195

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Police Crime Record Management System 1.0 by injecting malicious JavaScript payloads into the 'Firstname' or 'Othernames' fields during staff addition. The payload executes when the page is updated, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Police Crime Record Management System 1.0

Auth required

Prerequisites: Admin credentials (default: 1111:admin123) · Access to the admin panel

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026