EIP-2026-118850

PRE-CVE

Microsoft Internet Explorer 7/8 - HTML Attribute JavaScript URI SecURIty Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118850. PoCs published by 80vul.

AI-analyzed exploit summary This exploit demonstrates multiple XSS vectors in Microsoft Internet Explorer by leveraging various HTML attributes and tags to execute arbitrary JavaScript. It bypasses script execution restrictions, potentially aiding further attacks.

Description

Microsoft Internet Explorer 7/8 - HTML Attribute JavaScript URI SecURIty Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by 80vul · htmlremotewindows

https://www.exploit-db.com/exploits/33050

View Code ZIP pw:eip

This exploit demonstrates multiple XSS vectors in Microsoft Internet Explorer by leveraging various HTML attributes and tags to execute arbitrary JavaScript. It bypasses script execution restrictions, potentially aiding further attacks.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (unspecified version)

No auth needed

Prerequisites: Victim must visit a malicious webpage or have malicious HTML content rendered in Internet Explorer

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026