EIP-2026-112105
PRE-CVESimple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112105. PoCs published by Benjamin Kunz Mejri.
AI-analyzed exploit summary This exploit demonstrates multiple persistent XSS vulnerabilities in Simple Machines Forum 2.0.2 due to improper input sanitization. Attackers can inject malicious scripts into admin panels, affecting users who interact with compromised pages.
Description
Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Benjamin Kunz Mejri · textwebappsphp
https://www.exploit-db.com/exploits/37505
This exploit demonstrates multiple persistent XSS vulnerabilities in Simple Machines Forum 2.0.2 due to improper input sanitization. Attackers can inject malicious scripts into admin panels, affecting users who interact with compromised pages.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Simple Machines Forum 2.0.2
Auth required
Prerequisites:
Low-privileged user account · Access to admin panels
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026