Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and previous versions in BlackBoard Academic Suite allow remote malicious users to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. NOTE: vector 2 requires bypassing a client-side security mechanism that attempts to block XSS sequences.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blackboard blackboard learning and community post systems 6.3.1.593 |