Harbl

**Name of the Vulnerable Software and Affected Versions** Blackboard Academic Suite version 6.2.3.23 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation. This is achieved by disabling JavaScript when submitting an essay response. The injected script is not validated on the server-side before being viewed via "View Attempt Details" in the Gradebook. **Recommendations** For Blackboard Academic Suite version 6.2.3.23, consider disabling JavaScript validation for essay responses until a patch is available, and ensure server-side validation is implemented for all user-submitted content to prevent arbitrary HTML or web script injection.