EIP-2026-113138
PRE-CVEVoipNow Professional 2.5.3 - 'nsextt' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113138. PoCs published by Aboud-el.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in VoipNow Professional 2.5.3, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site. The example URL demonstrates the vulnerability by injecting an XSS payload via the 'nsextt' parameter.
Description
VoipNow Professional 2.5.3 - 'nsextt' Cross-Site Scripting
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in VoipNow Professional 2.5.3, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site. The example URL demonstrates the vulnerability by injecting an XSS payload via the 'nsextt' parameter.