EIP-2026-112154

PRE-CVE

Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112154. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a working proof-of-concept for a stored XSS vulnerability in Simplephpscripts Simple CMS 2.1. The exploit demonstrates how an authenticated attacker can inject malicious JavaScript payloads into user input fields (name, username, password), which execute when the user list is viewed.

Description

Simplephpscripts Simple CMS 2.1 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/50482

View Code ZIP pw:eip

This is a working proof-of-concept for a stored XSS vulnerability in Simplephpscripts Simple CMS 2.1. The exploit demonstrates how an authenticated attacker can inject malicious JavaScript payloads into user input fields (name, username, password), which execute when the user list is viewed.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Simplephpscripts Simple CMS v2.1

Auth required

Prerequisites: Authenticated admin/root access to the CMS

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026