EIP-2026-111463

PRE-CVE

PragmaMX 1.2.10 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111463. PoCs published by HauntIT.

AI-analyzed exploit summary This is a technical writeup detailing a persistent XSS vulnerability in PragmaMX 1.12.0, specifically in the 'Private Messages' module. The vulnerability allows authenticated users to inject malicious scripts via the 'message' parameter, which are then executed when viewed by other users.

Description

PragmaMX 1.2.10 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by HauntIT · textwebappsphp

https://www.exploit-db.com/exploits/18439

View Code ZIP pw:eip

This is a technical writeup detailing a persistent XSS vulnerability in PragmaMX 1.12.0, specifically in the 'Private Messages' module. The vulnerability allows authenticated users to inject malicious scripts via the 'message' parameter, which are then executed when viewed by other users.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PragmaMX 1.12.0

Auth required

Prerequisites: Authenticated user access to the PragmaMX Private Messages module

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026