EIP-2026-112615
PRE-CVETextpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112615. PoCs published by Alperen Ergel.
AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Textpattern CMS 4.6.2 by injecting a malicious script into the 'body' field of a blog post. The payload is executed when the post is viewed.
Description
Textpattern CMS 4.6.2 - 'body' Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WORKING POC
by Alperen Ergel · textwebappsphp
https://www.exploit-db.com/exploits/48861
This exploit demonstrates a persistent XSS vulnerability in Textpattern CMS 4.6.2 by injecting a malicious script into the 'body' field of a blog post. The payload is executed when the post is viewed.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Textpattern CMS 4.6.2
Auth required
Prerequisites:
Administrator access to the Textpattern CMS
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026