Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39196 | 1 Blackboard | 1 Blackboard Learn | 2023-12-10 | N/A | 6.5 MEDIUM |
| Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. | |||||
| CVE-2021-36746 | 1 Blackboard | 1 Blackboard Learn | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | |||||
| CVE-2021-36747 | 1 Blackboard | 1 Blackboard Learn | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | |||||
| CVE-2018-13257 | 1 Blackboard | 1 Blackboard Learn | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | |||||
| CVE-2020-9008 | 1 Blackboard | 1 Blackboard Learn | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | |||||
| CVE-2017-18262 | 1 Blackboard | 1 Blackboard Learn | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | |||||