EIP-2026-112952

PRE-CVE

VamCart CMS 0.9 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112952. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This advisory details multiple persistent XSS vulnerabilities in VamCart v0.9 CMS, affecting modules like Manage Accounts, Manage Coupons, and Order Comments. The vulnerabilities stem from insufficient input validation in parameters such as 'Title', 'Name', 'Coupon Code', and 'Comments Text'.

Description

VamCart CMS 0.9 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/19864

View Code ZIP pw:eip

This advisory details multiple persistent XSS vulnerabilities in VamCart v0.9 CMS, affecting modules like Manage Accounts, Manage Coupons, and Order Comments. The vulnerabilities stem from insufficient input validation in parameters such as 'Title', 'Name', 'Coupon Code', and 'Comments Text'.

Classification

Writeup 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: VamCart v0.9 CMS

Auth required

Prerequisites: Low-privileged user account · Access to vulnerable modules

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026