Vulnerability-Lookup

FKIE_CVE-2006-4308

Vulnerability from fkie_nvd - Published: 2006-08-23 19:04 - Updated: 2025-04-03 01:03

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21577	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016735
cve@mitre.org	http://www.securityfocus.com/archive/1/444062/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/444116/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/444885/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19308
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3366	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21577	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016735
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/444062/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/444116/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/444885/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19308
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3366	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28537

Impacted products

Vendor	Product	Version
blackboard	blackboard	6.0
blackboard	blackboard_learning_and_community_portal_suite	6.0
blackboard	blackboard_learning_and_community_portal_suite	6.2.3.23
blackboard	vista	4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DEADE2-62A0-4FDC-8172-7726D8555DC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAA1C885-E1F2-4AD8-BFC9-4504DA0B9DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C08F08EF-A832-4DD3-A6C1-2D38309A0FEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:blackboard:vista:4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4851F315-7345-4892-B7D9-690D4F11650D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Blackboard Learning System 6 y Blackboard Learning and Community Portal Suite 6.2.3.23, y Blackboard Vista 4 permiten a atacantes remotos inyectar Javascript, VBScript, o HTML de su elecci\u00f3n mediante (1) datos, (2) secuencias de comandos de vb, y (3) URIs javascript mal formados en diversas etiquetas HTML cuando se env\u00eda un mensaje al Foro de Discusi\u00f3n."
    }
  ],
  "id": "CVE-2006-4308",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-23T19:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21577"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016735"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19308"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3366"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2006-4308 (GCVE-0-2006-4308)

Vulnerability from cvelistv5 – Published: 2006-08-23 19:00 – Updated: 2024-08-07 19:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/19308	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/444885/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/3366	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/444062/100…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/444116/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/21577	third-party-advisoryx_refsource_SECUNIA
	http://securitytracker.com/id?1016735	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:06.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19308",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19308"
          },
          {
            "name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"
          },
          {
            "name": "ADV-2006-3366",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3366"
          },
          {
            "name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"
          },
          {
            "name": "blackboard-multiple-xss(28537)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"
          },
          {
            "name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"
          },
          {
            "name": "21577",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21577"
          },
          {
            "name": "1016735",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016735"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19308",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19308"
        },
        {
          "name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"
        },
        {
          "name": "ADV-2006-3366",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3366"
        },
        {
          "name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"
        },
        {
          "name": "blackboard-multiple-xss(28537)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"
        },
        {
          "name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"
        },
        {
          "name": "21577",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21577"
        },
        {
          "name": "1016735",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016735"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19308",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19308"
            },
            {
              "name": "20060828 Re: Re: BlackBoard Multiple Vulnerabilities (XSS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/444885/100/0/threaded"
            },
            {
              "name": "ADV-2006-3366",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3366"
            },
            {
              "name": "20060822 BlackBoard Multiple Vulnerabilities (XSS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/444062/100/0/threaded"
            },
            {
              "name": "blackboard-multiple-xss(28537)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28537"
            },
            {
              "name": "20060823 Re: BlackBoard Multiple Vulnerabilities (XSS)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/444116/100/0/threaded"
            },
            {
              "name": "21577",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21577"
            },
            {
              "name": "1016735",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016735"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4308",
    "datePublished": "2006-08-23T19:00:00",
    "dateReserved": "2006-08-23T00:00:00",
    "dateUpdated": "2024-08-07T19:06:06.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2006-4308

CVE-2006-4308 (GCVE-0-2006-4308)

Tags

Sightings

Nomenclature