EIP-2026-114659

PRE-CVE

Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114659. PoCs published by Ferran Pichel Llaquet.

AI-analyzed exploit summary: This is a technical writeup detailing an HTML injection vulnerability in Zyncro 3.0.1.20. The vulnerability arises from insufficient sanitization of user-supplied input in group name and description fields, which are base64 encoded in POST requests. An attacker can exploit this to execute arbitrary script code in the context of the affected website.

Description

Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ferran Pichel Llaquet · text · webapps · php
https://www.exploit-db.com/exploits/36150

Classification: Writeup 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Zyncro 3.0.1.20
Auth required
Prerequisites: Ability to create a new group · Capture and modify packets transferred to the server
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026