EIP-2026-111876

PRE-CVE

Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111876. PoCs published by Vijay Sachdeva.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the Sales and Inventory System for Grocery Store 1.0. The payload is injected into the 'First Name' field of the 'Add Customer' form, triggering when the 'Customer' page is accessed.

Description

Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS

Exploits (1)

exploitdb WORKING POC

by Vijay Sachdeva · textwebappsphp

https://www.exploit-db.com/exploits/49329

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the Sales and Inventory System for Grocery Store 1.0. The payload is injected into the 'First Name' field of the 'Add Customer' form, triggering when the 'Customer' page is accessed.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Sales and Inventory System for Grocery Store 1.0

Auth required

Prerequisites: Admin credentials · Access to the 'Add Customer' form

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026