EIP-2026-112530

PRE-CVE

Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112530. PoCs published by Alexander Fuchs.

AI-analyzed exploit summary The provided code demonstrates multiple XSS vulnerabilities in Syneto Unified Threat Management by injecting malicious script code into various input fields and parameters. The PoC includes examples of persistent and reflected XSS attacks, targeting specific pages and parameters.

Description

Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexander Fuchs · textwebappsphp

https://www.exploit-db.com/exploits/36586

View Code ZIP pw:eip

The provided code demonstrates multiple XSS vulnerabilities in Syneto Unified Threat Management by injecting malicious script code into various input fields and parameters. The PoC includes examples of persistent and reflected XSS attacks, targeting specific pages and parameters.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Syneto Unified Threat Management 1.4.2 and 1.3.3 Community Edition

Auth required

Prerequisites: Access to privileged user accounts or lowviewers · User interaction required for some attacks

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026