Vulnerabilities > Blackboard
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-05 | CVE-2022-39196 | Unspecified vulnerability in Blackboard Learn 1.10.1 Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. | 6.5 |
| 2021-07-20 | CVE-2021-36746 | Cross-site Scripting vulnerability in Blackboard Learn 1.10.1/9.1 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | 5.4 |
| 2021-07-20 | CVE-2021-36747 | Cross-site Scripting vulnerability in Blackboard Learn 1.10.1/9.1 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | 5.4 |
| 2021-03-02 | CVE-2020-25902 | Cross-site Scripting vulnerability in Blackboard Collaborate Ultra 20.02 Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2020-02-25 | CVE-2020-9008 | Cross-site Scripting vulnerability in Blackboard Learn 1.10.1/9.1 Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | 5.4 |
| 2019-11-18 | CVE-2018-13257 | Open Redirect vulnerability in Blackboard Learn 20180702 The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | 6.1 |
| 2018-04-30 | CVE-2017-18262 | Open Redirect vulnerability in Blackboard Learn 1.10.1/9.1 Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | 6.1 |
| 2005-12-13 | CVE-2005-4206 | Open Redirect vulnerability in Blackboard Academic Suite 6.0.0.0/6.2.3.23/6.3.1.424 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | 6.1 |