EIP-2026-112181
PRE-CVESite@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112181. PoCs published by Stefan Schurtz.
AI-analyzed exploit summary The exploit demonstrates multiple XSS and SQL injection vulnerabilities in Site@School. The XSS payloads use script tags to execute arbitrary JavaScript, while the SQL injection points are identified in the modulemanager parameters.
Description
Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Schurtz · textwebappsphp
https://www.exploit-db.com/exploits/36240
The exploit demonstrates multiple XSS and SQL injection vulnerabilities in Site@School. The XSS payloads use script tags to execute arbitrary JavaScript, while the SQL injection points are identified in the modulemanager parameters.
Classification
Working Poc 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Site@School (version not specified)
No auth needed
Prerequisites:
Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026