CVE-2008-1795

Blackboard Academic Suite <8.0 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Knight4vn · textwebappscgi

https://www.exploit-db.com/exploits/31538

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Knight4vn · textwebappscgi

https://www.exploit-db.com/exploits/31537

View Code ZIP pw:eip

References (8)

[Exploit] http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/

[Vendor Advisory] http://secunia.com/advisories/29543

[Exploit] http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019710

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41478

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/490096/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28455

[Third Party Advisory] http://securityreason.com/securityalert/3810

Scores

EPSS 0.1091

EPSS Percentile 93.3%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

blackboard/academic_suite < 7

Timeline

Published Apr 15, 2008

Tracked Since Feb 18, 2026