EIP-2026-113360
PRE-CVEWebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113360. PoCs published by MiND.
AI-analyzed exploit summary This is a writeup describing an HTML injection vulnerability in Gbplus, where user-supplied input is not properly sanitized, allowing for XSS attacks. The provided example demonstrates a simple meta refresh tag injection.
Description
WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by MiND · textwebappsphp
https://www.exploit-db.com/exploits/34541
This is a writeup describing an HTML injection vulnerability in Gbplus, where user-supplied input is not properly sanitized, allowing for XSS attacks. The provided example demonstrates a simple meta refresh tag injection.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Gbplus (version not specified)
No auth needed
Prerequisites:
Access to input fields vulnerable to HTML injection
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026