EIP-2026-114438

PRE-CVE

XMB Forum 1.6 - Magic Lantern Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114438. PoCs published by frog.

AI-analyzed exploit summary The document describes multiple XSS vulnerabilities in XMB Forum 1.6 Magic Lantern, detailing specific attack vectors such as improper input filtering in 'member.php' and encoded script injection in user profiles. It provides technical examples of exploit payloads but does not include functional exploit code.

Description

XMB Forum 1.6 - Magic Lantern Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21447

View Code ZIP pw:eip

The document describes multiple XSS vulnerabilities in XMB Forum 1.6 Magic Lantern, detailing specific attack vectors such as improper input filtering in 'member.php' and encoded script injection in user profiles. It provides technical examples of exploit payloads but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: XMB Forum 1.6 Magic Lantern

No auth needed

Prerequisites: Access to the target forum · Ability to submit crafted input to vulnerable parameters

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026