EIP-2026-119337

PRE-CVE

Ziepod+ 1.0 - CrossApplication Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119337. PoCs published by sinn3r.

AI-analyzed exploit summary This Python script demonstrates a Cross Application Scripting (XAS) vulnerability in Ziepod+ 1.0 by serving a malicious XML file that executes JavaScript when processed by the application. The payload sends a 'PING!!' request to a listener, confirming exploitation.

Description

Ziepod+ 1.0 - CrossApplication Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by sinn3r · pythonremotewindows

https://www.exploit-db.com/exploits/12512

View Code ZIP pw:eip

This Python script demonstrates a Cross Application Scripting (XAS) vulnerability in Ziepod+ 1.0 by serving a malicious XML file that executes JavaScript when processed by the application. The payload sends a 'PING!!' request to a listener, confirming exploitation.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Ziepod+ 1.0

No auth needed

Prerequisites: Victim must add the malicious XML subscription to Ziepod+ · Attacker must host the XML file on a web server

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026