EIP-2026-112298

PRE-CVE

Social Share - 'search' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112298. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Social Share, where insufficient sanitization of user-supplied input allows arbitrary script execution in the context of the affected site. The example URL demonstrates the vulnerability by injecting an XSS payload into the 'search' parameter.

Description

Social Share - 'search' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/35142

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in Social Share, where insufficient sanitization of user-supplied input allows arbitrary script execution in the context of the affected site. The example URL demonstrates the vulnerability by injecting an XSS payload into the 'search' parameter.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Social Share (version not specified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026