Exploitation Summary
EIP tracks 2 public exploits for CVE-2008-1795. PoCs published by Knight4vn.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Blackboard Academic Suite, where user-supplied input is not properly sanitized. It includes a sample URL demonstrating the vulnerability but does not contain executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
Exploits (2)
The provided text describes a cross-site scripting (XSS) vulnerability in Blackboard Academic Suite, where user-supplied input is not properly sanitized. It includes a sample URL demonstrating the vulnerability but does not contain executable exploit code.
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Blackboard Academic Suite by injecting a malicious script into the 'announcement.pl' URL parameter. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected site.