Filtered by vendor Blackboard
Subscriptions
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-13257 | 1 Blackboard | 1 Blackboard Learn | 2024-08-05 | 6.1 Medium |
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | ||||
CVE-2020-25902 | 1 Blackboard | 1 Collaborate Ultra | 2024-08-04 | 6.1 Medium |
Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research | ||||
CVE-2020-9008 | 1 Blackboard | 1 Blackboard Learn | 2024-08-04 | 5.4 Medium |
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. | ||||
CVE-2021-36747 | 1 Blackboard | 1 Blackboard Learn | 2024-08-04 | 5.4 Medium |
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | ||||
CVE-2021-36746 | 1 Blackboard | 1 Blackboard Learn | 2024-08-04 | 5.4 Medium |
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | ||||
CVE-2022-39196 | 1 Blackboard | 1 Blackboard Learn | 2024-08-03 | 6.5 Medium |
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced. |