EIP-2026-111515

PRE-CVE

ProcessMaker 3.0.1.7 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111515. PoCs published by Mickael Dorigny.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in ProcessMaker v3.0.1.7, including CSRF and XSS (both stored and reflected). It provides proof-of-concept code for exploiting these vulnerabilities via crafted HTML forms and JavaScript auto-submission.

Description

ProcessMaker 3.0.1.7 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Mickael Dorigny · textwebappsphp

https://www.exploit-db.com/exploits/39872

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in ProcessMaker v3.0.1.7, including CSRF and XSS (both stored and reflected). It provides proof-of-concept code for exploiting these vulnerabilities via crafted HTML forms and JavaScript auto-submission.

Classification

Working Poc 100%

Attack Type

Xss | Csrf

Complexity

Trivial

Reliability

Reliable

Target: ProcessMaker v3.0.1.7

Auth required

Prerequisites: Authenticated user session · Victim interaction (e.g., phishing or auto-submit tricks)

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026