EIP-2026-112113

PRE-CVE

Simple Machines Forum (SMF) 1.1.7 - '[url]' Tag HTML Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112113. PoCs published by Xianur0.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Simple Machines Forum, allowing attacker-supplied HTML and script code to execute in the context of the affected browser. It includes examples of cookie theft via JavaScript and an iframe injection.

Description

Simple Machines Forum (SMF) 1.1.7 - '[url]' Tag HTML Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Xianur0 · textwebappsphp

https://www.exploit-db.com/exploits/32773

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Simple Machines Forum, allowing attacker-supplied HTML and script code to execute in the context of the affected browser. It includes examples of cookie theft via JavaScript and an iframe injection.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Simple Machines Forum (version not specified)

No auth needed

Prerequisites: User interaction required to trigger the payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026