CVE-2008-1795: XSS
First published: Tue Apr 15 2008(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Blackboard Academic Suite | <=7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/
- http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite
- http://www.securityfocus.com/bid/28455
- http://www.securitytracker.com/id?1019710
- http://secunia.com/advisories/29543
- http://securityreason.com/securityalert/3810
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41478
- http://www.securityfocus.com/archive/1/490096/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/blackboard
- canonical/blackboard academic suite
- version/blackboard academic suite/7