製品・ソフトウェアに関する情報

JVN脆弱性詳細

Blackboard Academic Suite におけるクロスサイトスクリプティングの脆弱性

Title	Blackboard Academic Suite におけるクロスサイトスクリプティングの脆弱性
Summary	Blackboard Academic Suite には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、以下のパラメータを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。 (1) Webapps/blackboard/execute/viewCatalog の Course アクション内の searchText パラメータ (2) bin/common/announcement.pl への ADD アクション内の data__announcements___pk1_pk2__subject パラメータ
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 15, 2008, midnight
Registration Date	June 26, 2012, 4:02 p.m.
Last Update	June 26, 2012, 4:02 p.m.

Affected System

Blackboard, Inc.

academic suite 7.x およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1795	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1795
National Vulnerability Database (NVD)
2	CVE-2008-1795	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1795

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
Blackboard, Inc.
1	Top Page	http://www.blackboard.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-1795

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via (1) the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or (2) the data__announcements___pk1_pk2__subject parameter in an ADD action to bin/common/announcement.pl.
Summary	Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Blackboard Academic Suite 7.x y versiones anteriores, y posiblemente algunas versiones 8.0, permiten a atacantes remotos inyectar web script o HTML de su elección a través de (1) el parámetro searchText en una acción Course de webapps/blackboard/execute/viewCatalog o (2) el parámetro data__announcements___pk1_pk2__subject en una acción ADD de bin/common/announcement.pl.
Publication Date	April 16, 2008, 2:05 a.m.
Registration Date	Jan. 29, 2021, 1:35 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:blackboard:academic_suite::::::::			7

Related information, measures and tools

No	URL	refsource
1	http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/	cve@mitre.org
2	http://secunia.com/advisories/29543	cve@mitre.org
3	http://securityreason.com/securityalert/3810	cve@mitre.org
4	http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite	cve@mitre.org
5	http://www.securityfocus.com/archive/1/490096/100/0/threaded	cve@mitre.org
6	http://www.securityfocus.com/bid/28455	cve@mitre.org
7	http://www.securitytracker.com/id?1019710	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/41478	cve@mitre.org
9	http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/	af854a3a-2127-422b-91ae-364da2661108
10	http://secunia.com/advisories/29543	af854a3a-2127-422b-91ae-364da2661108
11	http://securityreason.com/securityalert/3810	af854a3a-2127-422b-91ae-364da2661108
12	http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/archive/1/490096/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/28455	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securitytracker.com/id?1019710	af854a3a-2127-422b-91ae-364da2661108
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/41478	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html