EIP-2026-118712

PRE-CVE

KingSoft Web Shield 1.1.0.62 - Cross-Site Scripting / Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118712. PoCs published by inking.

AI-analyzed exploit summary This exploit demonstrates an XSS vulnerability in KingSoft Web Shield that allows remote code execution by injecting malicious JavaScript into an alert dialog. The PoC shows how an attacker can craft a URL to execute arbitrary system commands via the `CallCFunc` function.

Description

KingSoft Web Shield 1.1.0.62 - Cross-Site Scripting / Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by inking · textremotewindows

https://www.exploit-db.com/exploits/8742

View Code ZIP pw:eip

This exploit demonstrates an XSS vulnerability in KingSoft Web Shield that allows remote code execution by injecting malicious JavaScript into an alert dialog. The PoC shows how an attacker can craft a URL to execute arbitrary system commands via the `CallCFunc` function.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: KingSoft Web Shield <= 1.1.0.62

No auth needed

Prerequisites: Victim must visit a malicious URL · KingSoft Web Shield must be installed and running

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026