EIP-2026-112453

PRE-CVE

Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112453. PoCs published by Hüseyin Serkan Balkanli.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the Student Quarterly Grading System 1.0, where malicious JavaScript can be injected into the 'grade' field and executed when any user visits the application.

Description

Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)

Exploits (1)

exploitdb WORKING POC

by Hüseyin Serkan Balkanli · textwebappsphp

https://www.exploit-db.com/exploits/50412

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the Student Quarterly Grading System 1.0, where malicious JavaScript can be injected into the 'grade' field and executed when any user visits the application.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Student Quarterly Grading System 1.0

Auth required

Prerequisites: Access to the application with sufficient privileges to add a new class

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026