EIP-2026-112595

PRE-CVE

Tendoo CMS 1.3 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112595. PoCs published by Arash Khazaei.

AI-analyzed exploit summary This is a writeup describing stored and reflected XSS vulnerabilities in Tendoo CMS version 1.3, specifically in the profile update section. The document provides details on how JavaScript can be executed via the First Name and Last Name inputs.

Description

Tendoo CMS 1.3 - Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Arash Khazaei · textwebappsphp

https://www.exploit-db.com/exploits/37715

View Code ZIP pw:eip

This is a writeup describing stored and reflected XSS vulnerabilities in Tendoo CMS version 1.3, specifically in the profile update section. The document provides details on how JavaScript can be executed via the First Name and Last Name inputs.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Tendoo CMS 1.3

Auth required

Prerequisites: Access to the profile update section · Valid user session

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026