CVE-2002-1007

Name of the Vulnerable Software and Affected Versions: Blackboard version 5

Description: The issue concerns cross-site scripting vulnerabilities that allow remote attackers to execute arbitrary web script. This can be achieved via the course id parameter in a link to "login.pl", the CTID parameter in "ProcessInfo.cgi", or the Message parameter in "index.cgi".

Recommendations: For Blackboard version 5, update to a version that includes a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the vulnerable parameters course id, CTID, and Message in the respective scripts until a patch is available.