Vulnerabilities for 'Academic suite'

2008-04-15
 
CVE-2008-1795

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.

 
2005-12-18
 
CVE-2005-4341

 

 
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure.

 
 
CVE-2005-4339

 

 
Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.

 
 
CVE-2005-4338

 

 
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".

 
 
CVE-2005-4337

 

 
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.

 

Vendor: Blackboard (9 products)
Courseinfo
Blackboard
Blackboard learning and community post systems
Academic suite
Blackboard academic suite
Blackboard learning and community portal suite
Vista
Transact suite
Vista/ce


Copyright 2017, cxsecurity.com