Vulnerabilities > Blackboard
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-04-18 | CVE-2008-1883 | Improper Authentication vulnerability in Blackboard Academic Suite The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. | 6.8 |
2008-04-15 | CVE-2008-1795 | Cross-Site Scripting vulnerability in Blackboard Academic Suite Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl. | 4.3 |
2007-10-05 | CVE-2007-5227 | Cross-Site Scripting vulnerability in Blackboard Learning and Community Post Systems 6.3.1.593 Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. | 4.3 |
2006-08-23 | CVE-2006-4308 | Cross-Site Scripting vulnerability in Blackboard products Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. | 4.3 |
2006-07-28 | CVE-2006-3914 | HTML Injection vulnerability in Blackboard Academic Suite 6.2.3.23 Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook. network blackboard | 6.0 |
2005-12-19 | CVE-2005-4341 | Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. | 5.0 |
2005-12-19 | CVE-2005-4339 | Cross-Site Scripting vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page. network blackboard | 4.3 |
2005-12-19 | CVE-2005-4338 | Remote Security vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin". | 10.0 |
2005-12-19 | CVE-2005-4337 | Security Bypass vulnerability in Blackboard Academic Suite 6.2.3.23/6.3.1.424 The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. | 7.5 |
2005-12-13 | CVE-2005-4206 | Open Redirect vulnerability in Blackboard Academic Suite 6.0.0.0/6.2.3.23/6.3.1.424 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | 6.1 |