Blackboard: >> Blackboard Learn Security Vulnerabilities
Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-09-05
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-20
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-20
Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-25
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.
CVSS Score
6.1
EPSS Score
0.028
Published
2019-11-18
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-04-30