Lucene search

MitreCVE-2008-1795

HistoryApr 15, 2008 - 5:05 p.m.

CVE-2008-1795

2008-04-1517:05:00

CWE-79

mitre

web.nvd.nist.gov

blackboard

academic suite

xss

vulnerability

remote attackers

web script

html

nvd

cve-2008-1795

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.

Affected configurations

Nvd

Node

blackboardacademic_suiteRange≤7

VendorProductVersionCPE
blackboardacademic_suite*cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blackboard	academic_suite	*	cpe:2.3:a:blackboard:academic_suite::::::::

References

secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

secunia.com/advisories/29543

securityreason.com/securityalert/3810

www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

www.securityfocus.com/archive/1/490096/100/0/threaded

www.securityfocus.com/bid/28455

www.securitytracker.com/id?1019710

exchange.xforce.ibmcloud.com/vulnerabilities/41478

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.017

Percentile

88.0%

JSON

Related for CVE-2008-1795