EIP-2026-112570

PRE-CVE

TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112570. PoCs published by Gjoko Krstic.

AI-analyzed exploit summary The provided code demonstrates multiple XSS vulnerabilities in TCExam by showing specific GET and POST requests that inject malicious scripts. These exploits leverage unsanitized user input in the application's admin interface.

Description

TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gjoko Krstic · textwebappsphp

https://www.exploit-db.com/exploits/35942

View Code ZIP pw:eip

The provided code demonstrates multiple XSS vulnerabilities in TCExam by showing specific GET and POST requests that inject malicious scripts. These exploits leverage unsanitized user input in the application's admin interface.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: TCExam 11.2.009, 11.2.010, 11.2.011

Auth required

Prerequisites: Access to the admin interface of TCExam

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026