Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. NOTE: vector 2 requires bypassing a client-side security mechanism that attempts to block XSS sequences.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-10-05 16:17
Updated : 2010-08-29 21:00
NVD link : CVE-2007-5227
Mitre link : CVE-2007-5227
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
blackboard
- blackboard_learning_and_community_post_systems