EIP-2026-112558

PRE-CVE

Task Management System 1.0 - 'First Name and Last Name' Stored XSS

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112558. PoCs published by Saeed Bala Ahmed.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Task Management System 1.0 by injecting malicious JavaScript into the 'First Name' or 'Last Name' fields. The payload executes when the user logs in again, displaying the domain name via an alert.

Description

Task Management System 1.0 - 'First Name and Last Name' Stored XSS

Exploits (1)

exploitdb WORKING POC

by Saeed Bala Ahmed · textwebappsphp

https://www.exploit-db.com/exploits/49222

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Task Management System 1.0 by injecting malicious JavaScript into the 'First Name' or 'Last Name' fields. The payload executes when the user logs in again, displaying the domain name via an alert.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Task Management System 1.0

Auth required

Prerequisites: Valid user credentials · Access to the 'Manage Account' feature

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026