CVE-2006-4308

Published Aug 23, 2006

Last updated 6 years ago

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34DEADE2-62A0-4FDC-8172-7726D8555DC3"
          },
          {
            "criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAA1C885-E1F2-4AD8-BFC9-4504DA0B9DCF"
          },
          {
            "criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C08F08EF-A832-4DD3-A6C1-2D38309A0FEF"
          },
          {
            "criteria": "cpe:2.3:a:blackboard:vista:4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4851F315-7345-4892-B7D9-690D4F11650D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References