CVE-2006-5529

SchoolAlumni Portal 2.26 - Cross-Site Scripting via Query Parameter in Katalog Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5529. PoCs published by MP.

AI-analyzed exploit summary The provided text describes a vulnerability in SchoolAlumni portal version 2.26, detailing XSS and local file inclusion issues due to insufficient input sanitization. It includes a sample URL demonstrating the XSS vulnerability but lacks executable exploit code.

Description

Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by MP · textwebappsphp
https://www.exploit-db.com/exploits/28839

The provided text describes a vulnerability in SchoolAlumni portal version 2.26, detailing XSS and local file inclusion issues due to insufficient input sanitization. It includes a sample URL demonstrating the XSS vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: SchoolAlumni portal 2.26
No auth needed
Prerequisites: Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017105
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20673

Scores

EPSS 0.0158
EPSS Percentile 72.2%

Details

Status published
Products (1)
schoolalumni_portal/schoolalumni_portal 2.26
Published Oct 26, 2006
Tracked Since Feb 18, 2026