EIP-2026-111584
PRE-CVEPunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-111584. PoCs published by Piotr Duszynski.
AI-analyzed exploit summary The exploit demonstrates multiple reflected XSS vulnerabilities in PunBB by injecting malicious scripts into various input parameters. The PoC includes crafted GET and POST requests targeting different endpoints, confirming the lack of proper input sanitization.
Description
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Piotr Duszynski · textwebappsphp
https://www.exploit-db.com/exploits/36137
The exploit demonstrates multiple reflected XSS vulnerabilities in PunBB by injecting malicious scripts into various input parameters. The PoC includes crafted GET and POST requests targeting different endpoints, confirming the lack of proper input sanitization.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
PunBB (version not specified)
No auth needed
Prerequisites:
Access to vulnerable PunBB instance
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026