EIP-2026-114501
PRE-CVEYaCOMAS 0.3.6 OpenCMS - Multiple Cross-Site Scripting Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114501. PoCs published by Pr@fesOr X.
AI-analyzed exploit summary The document describes multiple XSS vulnerabilities in YaCOMAS 0.3.6, detailing affected parameters and injection points. It includes technical specifics such as vulnerable endpoints, payload examples, and HTTP request formats.
Description
YaCOMAS 0.3.6 OpenCMS - Multiple Cross-Site Scripting Vulnerabilities
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Pr@fesOr X · textwebappsphp
https://www.exploit-db.com/exploits/35526
The document describes multiple XSS vulnerabilities in YaCOMAS 0.3.6, detailing affected parameters and injection points. It includes technical specifics such as vulnerable endpoints, payload examples, and HTTP request formats.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
YaCOMAS 0.3.6
No auth needed
Prerequisites:
Access to vulnerable YaCOMAS instance
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026