CVE Tools

blackboard

Enterprise SoftwareUScommercial

21

Cumulative CVEs

14

Monthly snapshots

#11

Peak rank

Top products

blackboard learn2

Latest CVEs

The 15 most recently published vulnerabilities affecting blackboard.

CVE-2022-39196Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor ...6.5Sep 4, 2022
CVE-2021-36746Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.5.4Jul 20, 2021
CVE-2021-36747Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.5.4Jul 20, 2021
CVE-2020-25902Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the...6.1Mar 2, 2021
CVE-2020-9008Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.5.4Feb 25, 2020
CVE-2018-13257The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, ...6.1Nov 18, 2019
CVE-2017-18262Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-...6.1Apr 30, 2018
CVE-2014-0811Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 SP6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Feb 22, 2014
CVE-2010-3245The automated-backup functionality in Blackboard Transact Suite (formerly Blackboard Commerce Suite) stores the (1) database username and (2) database password in cleartext in (a) script and (b) ba...2.1Sep 7, 2010
CVE-2010-3244BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly Blackboard Commerce Suite) before 3.6.0.2 relies on field names when determining whether it is appropriate to decrypt a connection.xml...4.6Sep 7, 2010
CVE-2008-3421Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change confi...4.3Jul 31, 2008
CVE-2008-1883The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client tha...6.8Apr 18, 2008
CVE-2008-1795Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (...4.3Apr 15, 2008
CVE-2007-5227Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to...4.3Oct 5, 2007
CVE-2006-4308Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject...4.3Aug 23, 2006