CVE-2006-4308 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Blackboard	Blackboard Vista Blackboard Learning And Community Portal Suite

Configuration 1 [-]

OR	cpe:2.3:a:blackboard:blackboard:6.0:::::::*
	cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:::::::*
	cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:::::::*
	cpe:2.3:a:blackboard:vista:4:::::::*

References

Link	Resource
http://secunia.com/advisories/21577	Vendor Advisory
http://securitytracker.com/id?1016735
http://www.securityfocus.com/archive/1/444062/100/0/threaded
http://www.securityfocus.com/archive/1/444116/100/0/threaded
http://www.securityfocus.com/archive/1/444885/100/0/threaded
http://www.securityfocus.com/bid/19308
http://www.vupen.com/english/advisories/2006/3366	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28537

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-23T19:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-08-23T00:00:00

Link: CVE-2006-4308

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-23T19:04:00.000

Modified: 2018-10-17T21:34:29.397

Link: CVE-2006-4308

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19308", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19308"}, {"name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"name": "ADV-2006-3366", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"name": "blackboard-multiple-xss(28537)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}, {"name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"name": "21577", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21577"}, {"name": "1016735", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016735"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4308", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19308"}, {"name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"name": "ADV-2006-3366", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"name": "blackboard-multiple-xss(28537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}, {"name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"name": "21577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21577"}, {"name": "1016735", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016735"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4308", "datePublished": "2006-08-23T19:00:00", "dateReserved": "2006-08-23T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "34DEADE2-62A0-4FDC-8172-7726D8555DC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CAA1C885-E1F2-4AD8-BFC9-4504DA0B9DCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:*:*:*:*:*:*:*", "matchCriteriaId": "C08F08EF-A832-4DD3-A6C1-2D38309A0FEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:vista:4:*:*:*:*:*:*:*", "matchCriteriaId": "4851F315-7345-4892-B7D9-690D4F11650D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Blackboard Learning System 6 y Blackboard Learning and Community Portal Suite 6.2.3.23, y Blackboard Vista 4 permiten a atacantes remotos inyectar Javascript, VBScript, o HTML de su elecci\u00f3n mediante (1) datos, (2) secuencias de comandos de vb, y (3) URIs javascript mal formados en diversas etiquetas HTML cuando se env\u00eda un mensaje al Foro de Discusi\u00f3n."}], "id": "CVE-2006-4308", "lastModified": "2018-10-17T21:34:29.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-23T19:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21577"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016735"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19308"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}