CVE-2006-4308 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackboard	Blackboard Blackboard Learning And Community Portal Suite Vista

Configuration 1 [-]

OR	cpe:2.3:a:blackboard:blackboard:6.0:::::::*
	cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:::::::*
	cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:::::::*
	cpe:2.3:a:blackboard:vista:4:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/21577
http://securitytracker.com/id?1016735
http://www.securityfocus.com/archive/1/444062/100/0/threaded
http://www.securityfocus.com/archive/1/444116/100/0/threaded
http://www.securityfocus.com/archive/1/444885/100/0/threaded
http://www.securityfocus.com/bid/19308
http://www.vupen.com/english/advisories/2006/3366
https://exchange.xforce.ibmcloud.com/vulnerabilities/28537

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-23T19:00:00

Updated: 2024-08-07T19:06:06.871Z

Reserved: 2006-08-23T00:00:00

Link: CVE-2006-4308

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-23T19:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4308

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19308", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19308"}, {"name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"name": "ADV-2006-3366", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"name": "blackboard-multiple-xss(28537)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}, {"name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"name": "21577", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21577"}, {"name": "1016735", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016735"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4308", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19308"}, {"name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"name": "ADV-2006-3366", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"name": "blackboard-multiple-xss(28537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}, {"name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"name": "21577", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21577"}, {"name": "1016735", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016735"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:06:06.871Z"}, "title": "CVE Program Container", "references": [{"name": "19308", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19308"}, {"name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"name": "ADV-2006-3366", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"name": "blackboard-multiple-xss(28537)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}, {"name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"name": "21577", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21577"}, {"name": "1016735", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016735"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4308", "datePublished": "2006-08-23T19:00:00", "dateReserved": "2006-08-23T00:00:00", "dateUpdated": "2024-08-07T19:06:06.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "34DEADE2-62A0-4FDC-8172-7726D8555DC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "CAA1C885-E1F2-4AD8-BFC9-4504DA0B9DCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:*:*:*:*:*:*:*", "matchCriteriaId": "C08F08EF-A832-4DD3-A6C1-2D38309A0FEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackboard:vista:4:*:*:*:*:*:*:*", "matchCriteriaId": "4851F315-7345-4892-B7D9-690D4F11650D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Blackboard Learning System 6 y Blackboard Learning and Community Portal Suite 6.2.3.23, y Blackboard Vista 4 permiten a atacantes remotos inyectar Javascript, VBScript, o HTML de su elecci\u00f3n mediante (1) datos, (2) secuencias de comandos de vb, y (3) URIs javascript mal formados en diversas etiquetas HTML cuando se env\u00eda un mensaje al Foro de Discusi\u00f3n."}], "id": "CVE-2006-4308", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-23T19:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21577"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016735"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19308"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21577"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016735"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19308"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3366"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}