BlackBoard LMS 9.1 SP14 - (Title) Persistent Vulnerability

Type vulnerlab
Reporter Vulnerability Laboratory [Research Team] - Lawrence Amer - ( )
Modified 2017-01-10T00:00:00


A persistent cross site scripting vulnerability has been discovered in the official BlackBoard LMS web-application. The issue allows remote attackers to inject own malicious script codes to the application-side of the vulnerable module.

Remote attackers are able to inject malicious java script code into blackboard blog module Groups -- Group Blogs, users with low privileged access are able to inject via blog entries name [blog post title] input. The vulnerability is located in the title of the blog entries. The vulnerable parameter title becomes stored during the save procedure which results in a persistent attack. The request method to inject the malicious script code is POST. We discovered during the tests that any user (student) can create groups to share blog entries with others users and instructors(admins).

The security risk of the xss vulnerabilities are estimated as medium with a cvss (common vulnerability scoring system) count of 3.6. Exploitation of the client-side vulnerabilities requires no privilege web-application user account and only low user interaction. Successful exploitation of the vulnerability results in persistent phishing attacks, session hijacking, persistent external redirect to malicious sources and persistent manipulation of affected or connected web module context.

Request Method(s): [+] POST

Vulnerable Module(s): [+] ./webapps/blogs-journals/execute/editBlogEntry

Vulnerable Parameter(s): [+] title