A persistent cross site scripting vulnerability has been discovered in the official BlackBoard LMS web-application. The issue allows remote attackers to inject own malicious script codes to the application-side of the vulnerable module.
Remote attackers are able to inject malicious java script code into blackboard blog module
Groups -- Group Blogs, users
with low privileged access are able to inject via blog entries name [blog post title] input. The vulnerability is located
in the title of the blog entries. The vulnerable parameter
title becomes stored during the save procedure which results
in a persistent attack. The request method to inject the malicious script code is POST. We discovered during the tests
that any user (student) can create groups to share blog entries with others users and instructors(admins).
The security risk of the xss vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 3.6. Exploitation of the client-side vulnerabilities requires no privilege web-application user account and only low user interaction. Successful exploitation of the vulnerability results in persistent phishing attacks, session hijacking, persistent external redirect to malicious sources and persistent manipulation of affected or connected web module context.
Request Method(s): [+] POST
Vulnerable Module(s): [+] ./webapps/blogs-journals/execute/editBlogEntry
Vulnerable Parameter(s): [+] title