Vulnerabilities for 'Blackboard learn'

2020-02-25
 
CVE-2020-9008

CWE-79
 

 
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.

 
2019-11-18
 
CVE-2018-13257

CWE-601
 

 
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.

 
2018-04-30
 
CVE-2017-18262

CWE-601
 

 
Blackboard Learn (since at least 17th of October 2017) has allowed unvalidated redirects for any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.

 

Vendor: Blackboard (10 products)
Courseinfo
Blackboard
Blackboard learning and community post systems
Academic suite
Blackboard academic suite
Blackboard learning and community portal suite
Vista
Transact suite
Vista/ce
Blackboard learn


Copyright 2020, cxsecurity.com