PT-2008-3333 · Blackboard · Blackboard Academic Suite

Published 2008-04-15 · Updated 2018-10-11 · CVE-2008-1795

CVSS v2.0: 4.3 Medium

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Blackboard Academic Suite versions 7.x and earlier, and possibly some 8.0 versions

Description

The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the searchText parameter in a Course action to "/webapps/blackboard/execute/viewCatalog" or the data announcements pk1 pk2 subject parameter in an ADD action to "/bin/common/announcement.pl".

Recommendations

For Blackboard Academic Suite versions 7.x and earlier, and possibly some 8.0 versions, consider restricting access to the vulnerable parameters searchText and data announcements pk1 pk2 subject to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-1795

Affected Products

Blackboard Academic Suite