Blackboard Learn Security Vulnerabilities and Issues — Blackboard Learn CVE List

Lucene search

BlackboardBlackboard Learn

6 matches found

CVE•added 2022/09/05 12:15 a.m.•69 views

CVE-2022-39196

Blackboard Learn 1.10.1 allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain webapps/bbcms/execute/ URL. Note: The vendor disputes this stating this cannot be reproduced.

6.5CVSS6.1AI score0.00335EPSS

CVE•added 2020/02/25 6:15 p.m.•57 views

CVE-2020-9008

Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.

5.4CVSS5.3AI score0.0018EPSS

CVE•added 2021/07/20 9:15 p.m.•44 views

CVE-2021-36747

Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.

5.4CVSS5.1AI score0.00208EPSS

CVE•added 2019/11/18 4:15 p.m.•37 views

CVE-2018-13257

The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.

6.1CVSS6.3AI score0.02839EPSS

CVE•added 2021/07/20 9:15 p.m.•37 views

CVE-2021-36746

Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.

5.4CVSS5.1AI score0.00214EPSS

CVE•added 2018/04/30 1:29 p.m.•29 views

CVE-2017-18262

Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.

6.1CVSS6.3AI score0.00278EPSS