CVE-2008-1795

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.

Published: Apr 15, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1795
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
blackboard / academic_suite	-	7.x

http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/
http://secunia.com/advisories/29543
http://securityreason.com/securityalert/3810
http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite
http://www.securityfocus.com/archive/1/490096/100/0/threaded
http://www.securityfocus.com/bid/28455
http://www.securitytracker.com/id?1019710
https://exchange.xforce.ibmcloud.com/vulnerabilities/41478

Vulnerability Database

289,784

CVE-2008-1795