WebCT 4.1 vulnerable to XSS attacks
The discussion board feature of WebCT is vulnerable to XSS.
Here is the proof of concept:
When you are composing a new message, in the message field of the form, type
this:
</pre><table background=java	script:alert("XSS Warning")>
</table>
Then submit the message. You should see a JavaScript alert box that says "XSS
Warning" when you view your message. It is also possible to redirect users that
view the message to an outside page (I did this on my college's WebCT board).
Obviously, a malicious person could exploit this to steal WebCT's cookies and
possibly compromise user accounts.
The redirect exploit is simple enough:
</pre><table background=java	script:location.replace("URL")>
</table>
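
Added example (not part of the original advisory and not WebCT code): one way a board could neutralize both strings above, by HTML-encoding the message body before placing it inside the <pre> wrapper, and by checking any URL-valued attribute it does allow against a scheme allowlist after removing the tab/CR/LF characters that browsers ignore inside URLs. The names escapeHtml, renderMessage and isSafeUrl are hypothetical, and the sample input is the alert string from the proof of concept.

```javascript
// Added defensive sketch; function names are hypothetical, not WebCT's.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every HTML metacharacter so user text cannot close the
// surrounding <pre> element or open a new tag.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a discussion-board message body as inert text inside <pre>.
function renderMessage(body) {
  return '<pre>' + escapeHtml(body) + '</pre>';
}

// Allowlist check for URL-valued attributes (background, href, src).
// Browsers drop tab, CR and LF from URLs, so "java<TAB>script:" is
// treated as "javascript:". Strip those characters first; otherwise
// the scheme regex below would not match and the value would be
// mistaken for a relative URL.
function isSafeUrl(value) {
  const cleaned = String(value)
    .replace(/[\t\r\n]/g, '')
    .replace(/^[\u0000-\u0020]+/, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  if (!m) return true; // no scheme: relative URL
  return ['http', 'https'].includes(m[1].toLowerCase());
}

// Sample input: the message text from the proof of concept above.
const sample =
  '</pre><table background=java\tscript:alert("XSS Warning")>\n</table>';

console.log(renderMessage(sample));
console.log(isSafeUrl('java\tscript:alert("XSS Warning")')); // false
```
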