Blackboard: Security Vulnerabilities, CVEs, CVSS score >= 6
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL.
Max CVSS: 6.5 | EPSS Score: 0.13% | Published: 2022-09-05 | Updated: 2022-09-09
Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute in the classroom, which leads to stealing cookies from users who join the class. NOTE: Third parties dispute the validity of this entry as a possible false positive during research.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2021-03-02 | Updated: 2024-04-11
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2019-11-18 | Updated: 2019-11-25
Blackboard Learn (since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
Max CVSS: 6.1 | EPSS Score: 0.11% | Published: 2018-04-30 | Updated: 2018-06-12
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
Max CVSS: 6.8 | EPSS Score: 1.20% | Published: 2008-04-18 | Updated: 2018-10-11
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
Max CVSS: 6.0 | EPSS Score: 0.29% | Published: 2006-07-28 | Updated: 2018-10-17
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
Max CVSS: 10.0 | EPSS Score: 0.44% | Published: 2005-12-19 | Updated: 2008-09-05
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.
Max CVSS: 7.5 | EPSS Score: 0.44% | Published: 2005-12-19 | Updated: 2008-09-05
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.
Max CVSS: 6.1 | EPSS Score: 2.60% | Published: 2005-12-13 | Updated: 2024-02-09
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi.
Max CVSS: 7.5 | EPSS Score: 3.09% | Published: 2002-10-04 | Updated: 2008-09-05
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.
Max CVSS: 7.5 | EPSS Score: 0.04% | Published: 2000-07-18 | Updated: 2017-10-10
11 vulnerabilities found