Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-09-05	CVE-2022-39196	Unspecified vulnerability in Blackboard Learn 1.10.1 Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. network low complexity blackboard	6.5
2021-03-02	CVE-2020-25902	Cross-site Scripting vulnerability in Blackboard Collaborate Ultra 20.02 Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. network low complexity blackboard CWE-79	6.1
2019-11-18	CVE-2018-13257	Open Redirect vulnerability in Blackboard Learn 20180702 The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. network blackboard CWE-601	5.8
2018-04-30	CVE-2017-18262	Improper Input Validation vulnerability in Blackboard Learn 9.1 Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. network blackboard CWE-20	5.8
2014-02-22	CVE-2014-0811	Cross-Site Scripting vulnerability in Blackboard Vista/Ce 8.0 Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network blackboard CWE-79	4.3
2010-09-07	CVE-2010-3244	Information Exposure vulnerability in Blackboard Transact Suite 3.6.0.1 BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml field value, which allows local users to discover the database password via a modified connection.xml file that contains an encrypted password in the <Server> field. local low complexity blackboard CWE-200	4.6
2008-04-18	CVE-2008-1883	Improper Authentication vulnerability in Blackboard Academic Suite The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string. network blackboard CWE-287	6.8
2008-04-15	CVE-2008-1795	Cross-Site Scripting vulnerability in Blackboard Academic Suite Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl. network blackboard CWE-79	4.3
2007-10-05	CVE-2007-5227	Cross-Site Scripting vulnerability in Blackboard Learning and Community Post Systems 6.3.1.593 Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. network blackboard CWE-79	4.3
2006-08-23	CVE-2006-4308	Cross-Site Scripting vulnerability in Blackboard products Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. network blackboard CWE-79	4.3