Filtered by vendor Blackboard Subscriptions
Filtered by product Blackboard Academic Suite Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-3421 1 Blackboard 1 Blackboard Academic Suite 2024-11-21 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.
CVE-2008-1883 1 Blackboard 1 Blackboard Academic Suite 2024-11-21 N/A
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
CVE-2006-3914 1 Blackboard 1 Blackboard Academic Suite 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
CVE-2006-0511 1 Blackboard 2 Blackboard, Blackboard Academic Suite 2024-11-21 N/A
Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.