EIP-2026-100761

PRE-CVE

BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100761. PoCs published by DarC KonQuest.

AI-analyzed exploit summary The exploit demonstrates multiple XSS vulnerabilities in Blackboard Learning System by injecting malicious script tags into URI parameters of addressbook.pl, tasks.pl, and calendar.pl scripts. The PoC includes crafted URLs that trigger the XSS when rendered in a victim's browser.

Description

BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED
by DarC KonQuest · textwebappscgi
https://www.exploit-db.com/exploits/23986

The exploit demonstrates multiple XSS vulnerabilities in Blackboard Learning System by injecting malicious script tags into URI parameters of addressbook.pl, tasks.pl, and calendar.pl scripts. The PoC includes crafted URLs that trigger the XSS when rendered in a victim's browser.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Blackboard Learning System
No auth needed
Prerequisites: Victim must click on a malicious link
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026