Vulnerability-Lookup

CVE-2008-1795 (GCVE-0-2008-1795)

Vulnerability from cvelistv5 – Published: 2008-04-15 17:00 – Updated: 2024-08-07 08:32

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.scribd.com/doc/2363025/Hacking-Blackbo…	x_refsource_MISC
	http://www.securitytracker.com/id?1019710	vdb-entryx_refsource_SECTRACK
	http://securityreason.com/securityalert/3810	third-party-advisoryx_refsource_SREASON
	http://secskill.wordpress.com/2008/03/27/hacking-…	x_refsource_MISC
	http://secunia.com/advisories/29543	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/490096/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/28455	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:32:01.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
          },
          {
            "name": "1019710",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019710"
          },
          {
            "name": "3810",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3810"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
          },
          {
            "name": "29543",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29543"
          },
          {
            "name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
          },
          {
            "name": "28455",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28455"
          },
          {
            "name": "blackboard-searchtext-xss(41478)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
        },
        {
          "name": "1019710",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019710"
        },
        {
          "name": "3810",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3810"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
        },
        {
          "name": "29543",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29543"
        },
        {
          "name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
        },
        {
          "name": "28455",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28455"
        },
        {
          "name": "blackboard-searchtext-xss(41478)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite",
              "refsource": "MISC",
              "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
            },
            {
              "name": "1019710",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019710"
            },
            {
              "name": "3810",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3810"
            },
            {
              "name": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/",
              "refsource": "MISC",
              "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
            },
            {
              "name": "29543",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29543"
            },
            {
              "name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
            },
            {
              "name": "28455",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28455"
            },
            {
              "name": "blackboard-searchtext-xss(41478)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1795",
    "datePublished": "2008-04-15T17:00:00",
    "dateReserved": "2008-04-15T00:00:00",
    "dateUpdated": "2024-08-07T08:32:01.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7\", \"matchCriteriaId\": \"68674833-D34A-4425-B452-527FE27DA575\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Blackboard Academic Suite 7.x y versiones anteriores, y posiblemente algunas versiones 8.0, permiten a atacantes remotos inyectar web script o HTML de su elecci\\u00f3n a trav\\u00e9s de (1) el par\\u00e1metro searchText en una acci\\u00f3n Course de webapps/blackboard/execute/viewCatalog o (2) el par\\u00e1metro data__announcements___pk1_pk2__subject en una acci\\u00f3n ADD de bin/common/announcement.pl.\"}]",
      "id": "CVE-2008-1795",
      "lastModified": "2024-11-21T00:45:21.670",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2008-04-15T17:05:00.000",
      "references": "[{\"url\": \"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/29543\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3810\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/490096/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/28455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019710\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/29543\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/3810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/490096/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/28455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019710\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1795\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-04-15T17:05:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Blackboard Academic Suite 7.x y versiones anteriores, y posiblemente algunas versiones 8.0, permiten a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro searchText en una acci\u00f3n Course de webapps/blackboard/execute/viewCatalog o (2) el par\u00e1metro data__announcements___pk1_pk2__subject en una acci\u00f3n ADD de bin/common/announcement.pl.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7\",\"matchCriteriaId\":\"68674833-D34A-4425-B452-527FE27DA575\"}]}]}],\"references\":[{\"url\":\"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/29543\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3810\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/490096/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28455\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019710\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/29543\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/3810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/490096/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-1795

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1795

Aliases

CVE-2008-1795

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1795",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.",
    "id": "GSD-2008-1795"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1795"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.",
      "id": "GSD-2008-1795",
      "modified": "2023-12-13T01:23:03.645537Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1795",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite",
            "refsource": "MISC",
            "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
          },
          {
            "name": "1019710",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019710"
          },
          {
            "name": "3810",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3810"
          },
          {
            "name": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/",
            "refsource": "MISC",
            "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
          },
          {
            "name": "29543",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29543"
          },
          {
            "name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
          },
          {
            "name": "28455",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/28455"
          },
          {
            "name": "blackboard-searchtext-xss(41478)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1795"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
            },
            {
              "name": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
            },
            {
              "name": "28455",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/28455"
            },
            {
              "name": "1019710",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019710"
            },
            {
              "name": "29543",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29543"
            },
            {
              "name": "3810",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3810"
            },
            {
              "name": "blackboard-searchtext-xss(41478)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
            },
            {
              "name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-11T20:36Z",
      "publishedDate": "2008-04-15T17:05Z"
    }
  }
}

GHSA-WFFQ-RVWW-VH29

Vulnerability from github – Published: 2022-05-01 23:43 – Updated: 2025-04-09 03:53

Details

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcementspk1pk2subject parameter in an ADD action to bin/common/announcement.pl.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-04-15T17:05:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.",
  "id": "GHSA-wffq-rvww-vh29",
  "modified": "2025-04-09T03:53:38Z",
  "published": "2022-05-01T23:43:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1795"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
    },
    {
      "type": "WEB",
      "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29543"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3810"
    },
    {
      "type": "WEB",
      "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/28455"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019710"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-1795

Vulnerability from fkie_nvd - Published: 2008-04-15 17:05 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/	Exploit
cve@mitre.org	http://secunia.com/advisories/29543	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/3810
cve@mitre.org	http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/490096/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/28455
cve@mitre.org	http://www.securitytracker.com/id?1019710
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/41478
af854a3a-2127-422b-91ae-364da2661108	http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29543	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3810
af854a3a-2127-422b-91ae-364da2661108	http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/490096/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28455
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019710
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/41478

Impacted products

	Vendor	Product	Version
	blackboard	academic_suite	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68674833-D34A-4425-B452-527FE27DA575",
              "versionEndIncluding": "7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Blackboard Academic Suite 7.x y versiones anteriores, y posiblemente algunas versiones 8.0, permiten a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro searchText en una acci\u00f3n Course de webapps/blackboard/execute/viewCatalog o (2) el par\u00e1metro data__announcements___pk1_pk2__subject en una acci\u00f3n ADD de bin/common/announcement.pl."
    }
  ],
  "id": "CVE-2008-1795",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-15T17:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29543"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3810"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28455"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019710"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1795 (GCVE-0-2008-1795)

GSD-2008-1795

GHSA-WFFQ-RVWW-VH29

FKIE_CVE-2008-1795

Tags

Sightings

Nomenclature