← Back

Blackboard Learn

blackboard_learn

Vendor: Blackboard • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-39196
1Blackboard
1Blackboard Learn
Nov 21, 2024
Sep 5, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating t...Show more
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.Show less
CVE-2021-36747
1Blackboard
1Blackboard Learn
Nov 21, 2024
Jul 20, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.
CVE-2021-36746
1Blackboard
1Blackboard Learn
Nov 21, 2024
Jul 20, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.
CVE-2020-9008
1Blackboard
1Blackboard Learn
Nov 21, 2024
Feb 25, 2020
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.
CVE-2018-13257
1Blackboard
1Blackboard Learn
Nov 21, 2024
Nov 18, 2019
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing att...Show more
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.Show less
CVE-2017-18262
1Blackboard
1Blackboard Learn
Nov 21, 2024
Apr 30, 2018
N/A· v4
6.1 MEDIUM· v3
5.8 MEDIUM· v2
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibbolet...Show more
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.Show less