Blackboard Learning System ComposeMessage.JSP Multiple HTML Injection Vulnerabilities
BID:25929
Info
| Bugtraq ID: | 25929 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-5227 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 04 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | Ruben (Trew) Ventura Pina is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Blackboard Blackboard Learning System 6.3.1 593; Blackboard Blackboard Learning and Community Portal Suite 6.3.1 593 |
| Not Vulnerable: | |
Discussion
Blackboard Learning System is prone to multiple HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
These versions are vulnerable:
- Blackboard Learning System 6.3.1.593
- Blackboard Learning and Community Portal System 6.3.1.593
Other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit these issues.
Solution / Fix
Solution:
The vendor has addressed these issues in Release 6 Application Pack 3 Service Pack 2 Hotfix 3. Please contact the vendor for information on obtaining and applying the appropriate updates.
References
References:
- Blackboard Academic Suite Web Site (Blackboard Academic Suite)
- Blackboard Learning System Messages Html-Injection (Ruben (Trew) Ventura Pina)