EIP-2026-119102

PRE-CVE

Sambar Server 5.x/6.0/6.1 - Server Referer Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119102. PoCs published by Jamie Fisher.

AI-analyzed exploit summary: This is a functional proof-of-concept for a cross-site scripting (XSS) vulnerability in Sambar Server's administrative interface. The exploit demonstrates how malicious script code can be injected via the Referer header, executing arbitrary JavaScript in the context of the vulnerable site.

Description

Sambar Server 5.x/6.0/6.1 - Server Referer Cross-Site Scripting

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Jamie Fisher · text · remote · windows
https://www.exploit-db.com/exploits/25696

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sambar Server (version not specified)
Authentication: No auth needed
Prerequisites: Access to a vulnerable Sambar Server instance · Ability to craft a malicious HTTP request with a manipulated Referer header
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026