{"api_version":"1","generated_at":"2026-04-25T09:41:30+00:00","cve":"CVE-2008-1795","urls":{"html":"https://cve.report/CVE-2008-1795","api":"https://cve.report/api/cve/CVE-2008-1795.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-1795","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-1795"},"summary":{"title":"CVE-2008-1795","description":"Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-04-15 17:05:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/","name":"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Hacking Blackboard Academic Suite. « a small place to share your BIG knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/3810","name":"http://securityreason.com/securityalert/3810","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason - Blackboard Academic Suite Multiple XSS Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite","name":"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Hacking Blackboard Academic Suite.","mime":"text/html","httpstatus":"410","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/28455","name":"http://www.securityfocus.com/bid/28455","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Blackboard Academic Suite Multiple Cross-Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/29543","name":"http://secunia.com/advisories/29543","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Blackboard Academic Suite \"searchText\" Cross-Site Scripting - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/490096/100/0/threaded","name":"http://www.securityfocus.com/archive/1/490096/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019710","name":"http://www.securitytracker.com/id?1019710","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Blackboard Academic Suite Input Validation Holes Permit Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-1795","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1795","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"1795","vulnerable":"1","versionEndIncluding":"7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackboard","cpe5":"academic_suite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T08:32:01.287Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"},{"name":"1019710","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019710"},{"name":"3810","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3810"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"},{"name":"29543","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29543"},{"name":"20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/490096/100/0/threaded"},{"name":"28455","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/28455"},{"name":"blackboard-searchtext-xss(41478)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-03-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"},{"name":"1019710","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019710"},{"name":"3810","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3810"},{"tags":["x_refsource_MISC"],"url":"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"},{"name":"29543","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29543"},{"name":"20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/490096/100/0/threaded"},{"name":"28455","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/28455"},{"name":"blackboard-searchtext-xss(41478)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-1795","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite","refsource":"MISC","url":"http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"},{"name":"1019710","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019710"},{"name":"3810","refsource":"SREASON","url":"http://securityreason.com/securityalert/3810"},{"name":"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/","refsource":"MISC","url":"http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"},{"name":"29543","refsource":"SECUNIA","url":"http://secunia.com/advisories/29543"},{"name":"20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/490096/100/0/threaded"},{"name":"28455","refsource":"BID","url":"http://www.securityfocus.com/bid/28455"},{"name":"blackboard-searchtext-xss(41478)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41478"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-1795","datePublished":"2008-04-15T17:00:00.000Z","dateReserved":"2008-04-15T00:00:00.000Z","dateUpdated":"2024-08-07T08:32:01.287Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-04-15 17:05:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"7","matchCriteriaId":"68674833-D34A-4425-B452-527FE27DA575"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"1795","Ordinal":"1","Title":"CVE-2008-1795","CVE":"CVE-2008-1795","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"1795","Ordinal":"1","NoteData":"Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.","Type":"Description","Title":"CVE-2008-1795"},{"CveYear":"2008","CveId":"1795","Ordinal":"2","NoteData":"2008-04-15","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"1795","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}