CVE-2021-36747

MEDIUM

Blackboard Learn < 9.1 - Authenticated Stored Cross-Site Scripting via Feedback to Learner Form

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-36747. PoCs published by cseasholtz.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2021-36747, an XSS vulnerability in Blackboard Learn. It includes steps to reproduce, affected versions, and screenshots demonstrating the exploit.

Description

Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.

Exploits (1)

nomisec WRITEUP 1 stars

by cseasholtz · poc

https://github.com/cseasholtz/CVE-2021-36747

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2021-36747, an XSS vulnerability in Blackboard Learn. It includes steps to reproduce, affected versions, and screenshots demonstrating the exploit.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Blackboard Learn through 9.1

Auth required

Prerequisites: Authenticated user access to the Feedback to Learner form

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/cseasholtz/CVE-2021-36747

Scores

CVSS v3 5.4

EPSS 0.0037

EPSS Percentile 58.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

blackboard/blackboard_learn < 9.1

Published Jul 20, 2021

Tracked Since Feb 18, 2026