Vulnerabilities for Blackboard academic suite (...) - CXSECURITY.COM

Vulnerabilities for 'Blackboard academic suite'

2008-07-31

CVE-2008-3421

CWE-352

Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.

2008-04-18

CVE-2008-1883

CWE-287

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

2006-07-27

CVE-2006-3914

CWE-Other

Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.

2006-02-01

CVE-2006-0511

CWE-Other

DISPUTED Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."

>>> Vendor: Blackboard 11 Products

Blackboard learning and community post systems

Blackboard academic suite

Blackboard learning and community portal suite

Blackboard learn

Collaborate ultra

Copyright 2024, cxsecurity.com