Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blackboard blackboard learn 9.1 |
||
blackboard blackboard learn |