Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WebCT Campus Edition 4.1.5.8, when "Don't wrap text" is enabled, allow remote authenticated users to inject arbitrary web script or HTML via a 1 mail message or 2 discussion board message. NOTE: this might overlap CVE-2005-1076...