EIP-2026-112078

PRE-CVE

Simple College Website 1.0 - 'full' Stored Cross Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112078. PoCs published by Marco Catalano.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Simple College Website 1.0 via the 'full' POST parameter in the admin panel. The unsanitized input allows an authenticated attacker to inject malicious JavaScript, which is then executed when victims visit the affected page.

Description

Simple College Website 1.0 - 'full' Stored Cross Site Scripting

Exploits (1)

exploitdb WORKING POC

by Marco Catalano · textwebappsphp

https://www.exploit-db.com/exploits/49477

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Simple College Website 1.0 via the 'full' POST parameter in the admin panel. The unsanitized input allows an authenticated attacker to inject malicious JavaScript, which is then executed when victims visit the affected page.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Simple College Website 1.0

Auth required

Prerequisites: Authenticated access to the admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026