Vulnerabilities for 'Blackboard academic suite'

2008-07-31
 
CVE-2008-3421

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.

 
2008-04-18
 
CVE-2008-1883

CWE-287
 

 
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

 
2006-07-27
 
CVE-2006-3914

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.

 
2006-02-01
 
CVE-2006-0511

CWE-Other
 

 
** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."

 



Copyright 2020, cxsecurity.com

 
