EIP-2026-113395

PRE-CVE

Western Digital My Book World Edition 1.1.16 - 'lang' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113395. PoCs published by emgent.

AI-analyzed exploit summary The exploit demonstrates multiple reflected XSS vulnerabilities in My Book World Edition firmware by injecting malicious JavaScript via the 'lang' parameter in various admin endpoints. The PoC URLs trigger arbitrary script execution in the context of the affected site.

Description

Western Digital My Book World Edition 1.1.16 - 'lang' Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by emgent · textwebappsphp

https://www.exploit-db.com/exploits/34083

View Code ZIP pw:eip

The exploit demonstrates multiple reflected XSS vulnerabilities in My Book World Edition firmware by injecting malicious JavaScript via the 'lang' parameter in various admin endpoints. The PoC URLs trigger arbitrary script execution in the context of the affected site.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: My Book World Edition 01.01.16 with MioNet 2.3.9.13 firmware

No auth needed

Prerequisites: Access to the target web interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026