EIP-2026-113277

PRE-CVE

webERP 4.3.8 - Multiple Script URI Cross-Site Scripting Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113277. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary: The provided code demonstrates multiple XSS vulnerabilities in webERP 4.0.5 by injecting JavaScript payloads into various endpoints. The payloads are designed to execute arbitrary script code in the context of the affected site, potentially leading to cookie theft or further attacks.

Description

webERP 4.3.8 - Multiple Script URI Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/36313


Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: webERP 4.0.5
No auth needed
Prerequisites: Access to the target webERP application
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026