EIP-2026-114598

PRE-CVE

Zen Cart 1.5.3 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114598. PoCs published by smash.

AI-analyzed exploit summary The exploit demonstrates CSRF and persistent XSS vulnerabilities in Zen Cart 1.5.3 admin panel. It includes detailed HTTP requests showing how to delete admin profiles, reset layout boxes, and inject malicious scripts via multiple admin panel forms.

Description

Zen Cart 1.5.3 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by smash · textwebappsphp

https://www.exploit-db.com/exploits/34581

View Code ZIP pw:eip

The exploit demonstrates CSRF and persistent XSS vulnerabilities in Zen Cart 1.5.3 admin panel. It includes detailed HTTP requests showing how to delete admin profiles, reset layout boxes, and inject malicious scripts via multiple admin panel forms.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Zen Cart 1.5.3

Auth required

Prerequisites: Admin panel access · Valid security token

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026