EIP-2026-119339

PRE-CVE

3Com* iMC (Intelligent Management Center) - Cross-Site Scripting / Information Disclosure Flaws

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119339. PoCs published by Richard Brain.

AI-analyzed exploit summary This document details multiple XSS and information disclosure vulnerabilities in 3Com iMC, including reflective XSS on the login page and exposure of SQL credentials via configuration files. It provides specific URLs and payloads to demonstrate the flaws.

Description

3Com* iMC (Intelligent Management Center) - Cross-Site Scripting / Information Disclosure Flaws

Exploits (1)

exploitdb WRITEUP VERIFIED

by Richard Brain · textwebappswindows

https://www.exploit-db.com/exploits/12680

View Code ZIP pw:eip

This document details multiple XSS and information disclosure vulnerabilities in 3Com iMC, including reflective XSS on the login page and exposure of SQL credentials via configuration files. It provides specific URLs and payloads to demonstrate the flaws.

Classification

Writeup 95%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: 3Com iMC (Intelligent Management Center) versions 3.3.9 R2 606 and 3.3 SP1 R2 606

No auth needed

Prerequisites: Network access to the target system on port 8080

MITRE ATT&CK

T1059.007 - JavaScript T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026