CVE: CVE-2006-4308

Export to Word

Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00962
Percentile: 0.7553

CVSS Scoring

CVSS v2 Score: 4.3

Severity:

Mapped CWE(s)

CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All CAPEC(s)

CAPEC-209: XSS Using MIME Type Mismatch
CAPEC-588: DOM-Based XSS
CAPEC-591: Reflected XSS
CAPEC-592: Stored XSS
CAPEC-63: Cross-Site Scripting (XSS)
CAPEC-85: AJAX Footprinting

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*
cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.0:*:*:*:*:*:*:*
cpe:2.3:a:blackboard:blackboard_learning_and_community_portal_suite:6.2.3.23:*:*:*:*:*:*:*
cpe:2.3:a:blackboard:vista:4:*:*:*:*:*:*:*

← Back to Home