EIP-2026-112432

PRE-CVE

Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112432. PoCs published by Adeeb Shah.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Stock Management System 1.0 via the 'Brand Name' parameter. The provided HTTP request shows how an attacker can inject malicious JavaScript code, which executes when the brand name is displayed on any page.

Description

Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Adeeb Shah · textwebappsphp

https://www.exploit-db.com/exploits/48926

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in Stock Management System 1.0 via the 'Brand Name' parameter. The provided HTTP request shows how an attacker can inject malicious JavaScript code, which executes when the brand name is displayed on any page.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Stock Management System 1.0

Auth required

Prerequisites: Admin privileges · Valid session cookie

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026