EIP-2026-111967

PRE-CVE

Securimage - 'example_form.php' Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111967. PoCs published by Gjoko Krstic.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Securimage 3.5, where an attacker can inject arbitrary script code via a crafted URL. The example demonstrates a basic XSS payload that steals cookies.

Description

Securimage - 'example_form.php' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED
by Gjoko Krstic · textwebappsphp
https://www.exploit-db.com/exploits/38509

The provided text describes a cross-site scripting (XSS) vulnerability in Securimage 3.5, where an attacker can inject arbitrary script code via a crafted URL. The example demonstrates a basic XSS payload that steals cookies.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Securimage 3.5
No auth needed
Prerequisites: Access to a vulnerable Securimage instance · Ability to craft a malicious URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026