EIP-2026-113138

PRE-CVE

VoipNow Professional 2.5.3 - 'nsextt' Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113138. PoCs published by Aboud-el.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in VoipNow Professional 2.5.3, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site. The example URL demonstrates the vulnerability by injecting an XSS payload via the 'nsextt' parameter.

Description

VoipNow Professional 2.5.3 - 'nsextt' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED
by Aboud-el · textwebappsphp
https://www.exploit-db.com/exploits/37339

The provided text describes a cross-site scripting (XSS) vulnerability in VoipNow Professional 2.5.3, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site. The example URL demonstrates the vulnerability by injecting an XSS payload via the 'nsextt' parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: VoipNow Professional 2.5.3
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026