PT-2007-6310 · Blackboard · Blackboard Academic Suite, Blackboard Learning System

Published: 2007-10-05 · Updated: 2010-08-30 · CVE-2007-5227

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions:
BlackBoard Learning System version 6.3.1.593 and earlier
BlackBoard Academic Suite versions prior to 6.3.1.593

Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The attack can be performed via the subject t and body text parameters in the "messaging/course/composeMessage.jsp" page. Note that one of the vectors requires bypassing a client-side security mechanism.

Recommendations: For BlackBoard Learning System version 6.3.1.593 and earlier, update to a version later than 6.3.1.593 to resolve the issue. For BlackBoard Academic Suite versions prior to 6.3.1.593, update to a version later than 6.3.1.593 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable "messaging/course/composeMessage.jsp" page until a patch is available. Avoid using the subject t and body text parameters in the affected page until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-5227

Affected Products

Blackboard Academic Suite
Blackboard Learning System