Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4308 | 1 Blackboard | 3 Blackboard, Blackboard Learning And Community Portal Suite, Vista | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. | |||||
CVE-2006-0511 | 1 Blackboard | 2 Blackboard, Blackboard Academic Suite | 2024-11-21 | 4.3 MEDIUM | N/A |
Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product. | |||||
CVE-2004-1581 | 1 Blackboard | 1 Blackboard | 2024-11-20 | 5.0 MEDIUM | N/A |
BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message. | |||||
CVE-2002-1007 | 1 Blackboard | 1 Blackboard | 2024-11-20 | 7.5 HIGH | N/A |
Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi. |