EIP-2026-114458

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Xoops by injecting malicious JavaScript code via unsanitized user input in the search.php module. The payload executes arbitrary script code in the context of the affected site, potentially stealing cookie-based authentication credentials.