Learn
by Blackboard
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-36746 | 0.00 | — | 0.01 | Jul 20, 2021 | Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | |||
| CVE-2021-36747 | 0.00 | — | 0.01 | Jul 20, 2021 | Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | |||
| CVE-2018-13257 | 0.00 | — | 0.01 | Nov 18, 2019 | The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. |
- CVE-2021-36746Jul 20, 2021risk 0.00cvss —epss 0.01
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor.
- CVE-2021-36747Jul 20, 2021risk 0.00cvss —epss 0.01
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form.
- CVE-2018-13257Nov 18, 2019risk 0.00cvss —epss 0.01
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page.