EIP-2026-111540

PRE-CVE

ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111540. PoCs published by Michael Helwig.

AI-analyzed exploit summary: The exploit demonstrates multiple persistent and non-persistent XSS vulnerabilities in ProjectSend r582. It includes curl commands and payloads that inject malicious scripts into search boxes and user input fields, affecting both clients and admins.

Description

ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC
by Michael Helwig · text · webapps · php
https://www.exploit-db.com/exploits/39588


Classification
Working PoC: 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: ProjectSend r582
Auth required
Prerequisites: Access to a valid session (PHPSESSID) · Client or admin privileges depending on the exploit
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026