Vulnerabilities > Blackboard

DATE CVE VULNERABILITY TITLE RISK
2008-04-18 CVE-2008-1883 Improper Authentication vulnerability in Blackboard Academic Suite
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
6.8
2008-04-15 CVE-2008-1795 Cross-Site Scripting vulnerability in Blackboard Academic Suite
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
network
blackboard CWE-79
4.3
2007-10-05 CVE-2007-5227 Cross-Site Scripting vulnerability in Blackboard Learning and Community Post Systems 6.3.1.593
Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in Blackboard Learning System 6.3.1.593 and earlier in Blackboard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters.
network
blackboard CWE-79
4.3
2006-08-23 CVE-2006-4308 Cross-Site Scripting vulnerability in Blackboard products
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary JavaScript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.
network
blackboard CWE-79
4.3
2006-07-28 CVE-2006-3914 HTML Injection vulnerability in Blackboard Academic Suite 6.2.3.23
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
network
blackboard
6.0
2005-12-19 CVE-2005-4341 Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl.
network
low complexity
blackboard
5.0
2005-12-19 CVE-2005-4339 Cross-Site Scripting vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.
network
blackboard
4.3
2005-12-19 CVE-2005-4338 Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
network
low complexity
blackboard
critical
10.0
2005-12-19 CVE-2005-4337 Security Bypass vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
network
low complexity
blackboard
7.5
2005-12-13 CVE-2005-4206 Open Redirect vulnerability in Blackboard Academic Suite 6.0.0.0/6.2.3.23/6.3.1.424
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.
network
low complexity
blackboard CWE-601
6.1