GCVE - cpe:2.3:a:blackboard:blackboard_learn:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:blackboard:blackboard_learn:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Blackboard (`7fa2ec50-0f9d-59ab-8245-e6281fc9111e`)
Product	Blackboard Learn (`98ecfae3-33b0-55db-b1c2-b8e084a5c984`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-36747`	vulnerable	2026-06-08 05:32:52.422732	Details available Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. Published: 2021-07-20T20:44:23.000Z Updated: 2024-08-04T01:01:59.437Z Open on db.gcve.eu Reference links https://github.com/cseasholtz/CVE-2021-36747	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-36746`	vulnerable	2026-06-08 05:32:52.422261	Details available Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. Published: 2021-07-20T20:48:18.000Z Updated: 2024-08-04T01:01:59.055Z Open on db.gcve.eu Reference links https://github.com/cseasholtz/CVE-2021-36746	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-9008`	vulnerable	2026-06-08 05:27:20.235107	Details available Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor. Published: 2020-02-25T17:29:26.000Z Updated: 2024-08-04T10:19:19.589Z Open on db.gcve.eu Reference links https://blackboard.com https://github.com/kyletimmermans/blackboard-xss/blob/master/CVE-2020-9008.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-18262`	vulnerable	2026-06-08 05:09:10.641756	Details available Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. Published: 2018-04-30T13:00:00.000Z Updated: 2024-08-05T21:13:49.302Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1040767 http://seclists.org/fulldisclosure/2018/Apr/57 https://ethan.pm/blackboard.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.