EIP-2026-113072

PRE-CVE

Vicidial 2.11 - Scripts Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113072. PoCs published by David Silveiro.

AI-analyzed exploit summary This exploit demonstrates an authenticated stored XSS vulnerability in Vicidial 2.11. The PoC shows how insufficient sanitization in the 'Script Name' and 'Script Text' fields allows arbitrary JavaScript execution when previewing the script.

Description

Vicidial 2.11 - Scripts Persistent Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by David Silveiro · textwebappsphp

https://www.exploit-db.com/exploits/39970

View Code ZIP pw:eip

This exploit demonstrates an authenticated stored XSS vulnerability in Vicidial 2.11. The PoC shows how insufficient sanitization in the 'Script Name' and 'Script Text' fields allows arbitrary JavaScript execution when previewing the script.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Vicidial 2.11

Auth required

Prerequisites: Authenticated access with sufficient permissions to create scripts

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026