Vulnerability Details CVE-2006-4308
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.3%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/21577
- http://securitytracker.com/id?1016735
- http://www.securityfocus.com/archive/1/444062/100/0/threaded
- http://www.securityfocus.com/archive/1/444116/100/0/threaded
- http://www.securityfocus.com/archive/1/444885/100/0/threaded
- http://www.securityfocus.com/bid/19308
- http://www.vupen.com/english/advisories/2006/3366
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
- http://secunia.com/advisories/21577
- http://securitytracker.com/id?1016735
- http://www.securityfocus.com/archive/1/444062/100/0/threaded
- http://www.securityfocus.com/archive/1/444116/100/0/threaded
- http://www.securityfocus.com/archive/1/444885/100/0/threaded
- http://www.securityfocus.com/bid/19308
- http://www.vupen.com/english/advisories/2006/3366
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
Products affected by CVE-2006-4308
-
cpe:2.3:a:blackboard:blackboard:6.0
-
cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0
-
cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23
-
cpe:2.3:a:blackboard:vista:4