EIP-2026-102361
PRE-CVEBlackboard LMS 9.1 SP14 - Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-102361. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary This document details a persistent XSS vulnerability in Blackboard LMS 9.1 SP14, where attackers can inject malicious JavaScript into the first name and last name fields of user profiles. The vulnerability is exploited via POST requests and affects user management modules.
Description
Blackboard LMS 9.1 SP14 - Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
by Vulnerability-Lab · textwebappsjava
https://www.exploit-db.com/exploits/41014
This document details a persistent XSS vulnerability in Blackboard LMS 9.1 SP14, where attackers can inject malicious JavaScript into the first name and last name fields of user profiles. The vulnerability is exploited via POST requests and affects user management modules.
Classification
Writeup 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Blackboard LMS 9.1 SP14
Auth required
Prerequisites:
Low-privileged user account · Access to profile editing functionality
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026