EIP-2026-112528

PRE-CVE

SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112528. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This exploit demonstrates multiple HTML injection vulnerabilities in SyndeoCMS 2.9.0 by injecting malicious scripts into form fields, which execute in the context of the affected browser. The PoC includes crafted form submissions targeting specific modules to trigger XSS via unsanitized input.

Description

SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · htmlwebappsphp

https://www.exploit-db.com/exploits/34379

View Code ZIP pw:eip

This exploit demonstrates multiple HTML injection vulnerabilities in SyndeoCMS 2.9.0 by injecting malicious scripts into form fields, which execute in the context of the affected browser. The PoC includes crafted form submissions targeting specific modules to trigger XSS via unsanitized input.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: SyndeoCMS 2.9.0

No auth needed

Prerequisites: Access to the target SyndeoCMS instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026