Vulnerabilities > Blackboard > Blackboard Learn > 9.1

DATE CVE VULNERABILITY TITLE RISK
2021-07-20 CVE-2021-36746 Cross-site Scripting vulnerability in Blackboard Learn 1.10.1/9.1
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.
network
low complexity
blackboard CWE-79
5.4
2021-07-20 CVE-2021-36747 Cross-site Scripting vulnerability in Blackboard Learn 1.10.1/9.1
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.
network
low complexity
blackboard CWE-79
5.4
2020-02-25 CVE-2020-9008 Cross-site Scripting vulnerability in Blackboard Learn 1.10.1/9.1
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.
network
low complexity
blackboard CWE-79
5.4
2018-04-30 CVE-2017-18262 Open Redirect vulnerability in Blackboard Learn 1.10.1/9.1
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
network
low complexity
blackboard CWE-601
6.1