EIP-2026-112378

PRE-CVE

Sphider 1.3 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112378. PoCs published by Soot.

AI-analyzed exploit summary The exploit demonstrates XSS vulnerabilities in Sphider by injecting arbitrary script code via unsanitized user input in the search.php file. The PoC includes example URLs with script tags to trigger alerts.

Description

Sphider 1.3 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Soot · textwebappsphp

https://www.exploit-db.com/exploits/27886

View Code ZIP pw:eip

The exploit demonstrates XSS vulnerabilities in Sphider by injecting arbitrary script code via unsanitized user input in the search.php file. The PoC includes example URLs with script tags to trigger alerts.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Sphider (version not specified)

No auth needed

Prerequisites: Access to the target application's search.php endpoint

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026