EIP-2026-109623

PRE-CVE

Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109623. PoCs published by Kislay Kumar.

AI-analyzed exploit summary This is a writeup detailing a stored XSS vulnerability in Multi Branch School Management System 3.5. The exploit involves injecting malicious JavaScript payloads into multiple input fields during branch creation, which are then executed when the page is viewed.

Description

Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS

Exploits (1)

exploitdb WRITEUP

by Kislay Kumar · textwebappsphp

https://www.exploit-db.com/exploits/49316

View Code ZIP pw:eip

This is a writeup detailing a stored XSS vulnerability in Multi Branch School Management System 3.5. The exploit involves injecting malicious JavaScript payloads into multiple input fields during branch creation, which are then executed when the page is viewed.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Multi Branch School Management System 3.5

Auth required

Prerequisites: Super Admin access to the application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026