EIP-2026-112871

PRE-CVE

ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112871. PoCs published by Sioma Labs.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in ULoki Community Forum v2.1 via the 'location' parameter in usercp.php. The PoC injects a JavaScript alert payload, confirming the vulnerability.

Description

ULoki Community Forum 2.1 - 'usercp.php' Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sioma Labs · textwebappsphp

https://www.exploit-db.com/exploits/11385

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in ULoki Community Forum v2.1 via the 'location' parameter in usercp.php. The PoC injects a JavaScript alert payload, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: ULoki Community Forum v2.1

Auth required

Prerequisites: Authenticated user access to the forum · User interaction to trigger the payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026