Vulnerabilities > Blackboard > Blackboard Academic Suite > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-04-18 | CVE-2008-1883 | Improper Authentication vulnerability in Blackboard Academic Suite The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. | 6.8 |
2006-07-28 | CVE-2006-3914 | HTML Injection vulnerability in Blackboard Academic Suite 6.2.3.23 Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. network blackboard | 6.0 |