CVE-2008-1795

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
blackboardacademic_suite
𝑥
≤ 7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/
http://secunia.com/advisories/29543
http://securityreason.com/securityalert/3810
http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite
http://www.securityfocus.com/archive/1/490096/100/0/threaded
http://www.securityfocus.com/bid/28455
http://www.securitytracker.com/id?1019710
https://exchange.xforce.ibmcloud.com/vulnerabilities/41478
http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/
http://secunia.com/advisories/29543
http://securityreason.com/securityalert/3810
http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite
http://www.securityfocus.com/archive/1/490096/100/0/threaded
http://www.securityfocus.com/bid/28455
http://www.securitytracker.com/id?1019710
https://exchange.xforce.ibmcloud.com/vulnerabilities/41478