Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-111935. PoCs published by VipVince.
AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in SchoolCMS, specifically in the eventform.php file. The vulnerability allows an attacker to inject JavaScript code into form fields, which is then stored and executed when the event is saved or viewed.
Description
SchoolCMS - Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by VipVince · textwebappsphp
https://www.exploit-db.com/exploits/23106
This is a writeup describing a persistent XSS vulnerability in SchoolCMS, specifically in the eventform.php file. The vulnerability allows an attacker to inject JavaScript code into form fields, which is then stored and executed when the event is saved or viewed.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
SchoolCMS (version not specified)
Auth required
Prerequisites:
Access to the eventform.php page · Ability to submit form data
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026