CVE-2022-39196
- EPSS 0.43%
- Veröffentlicht 05.09.2022 00:15:09
- Zuletzt bearbeitet 21.11.2024 07:17:45
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.
CVE-2021-36746
- EPSS 0.38%
- Veröffentlicht 20.07.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:00
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.
CVE-2021-36747
- EPSS 0.37%
- Veröffentlicht 20.07.2021 21:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:00
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.
CVE-2020-9008
- EPSS 0.18%
- Veröffentlicht 25.02.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 05:39:49
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.
CVE-2018-13257
- EPSS 2.84%
- Veröffentlicht 18.11.2019 16:15:11
- Zuletzt bearbeitet 21.11.2024 03:46:44
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login ...
CVE-2017-18262
- EPSS 0.28%
- Veröffentlicht 30.04.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:42
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLo...