EIP-2026-112377

PRE-CVE

Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112377. PoCs published by Lorenzo Hernandez Garcia-Hierro.

AI-analyzed exploit summary The exploit demonstrates multiple XSS vulnerabilities in Sphera HostingDirector VDS Control Panel due to insufficient input sanitization in URI parameters. It provides specific attack vectors for injecting malicious scripts via the 'uid', 'error', and other parameters in login screens.

Description

Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Lorenzo Hernandez Garcia-Hierro · textwebappsphp

https://www.exploit-db.com/exploits/22762

View Code ZIP pw:eip

The exploit demonstrates multiple XSS vulnerabilities in Sphera HostingDirector VDS Control Panel due to insufficient input sanitization in URI parameters. It provides specific attack vectors for injecting malicious scripts via the 'uid', 'error', and other parameters in login screens.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Sphera HostingDirector VDS Control Panel

No auth needed

Prerequisites: Access to the target's login page

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026