CVE-2006-4308

Name of the Vulnerable Software and Affected Versions Blackboard Learning System version 6 Blackboard Learning and Community Portal Suite version 6.2.3.23 Blackboard Vista version 4

Description The issue allows remote attackers to inject arbitrary Javascript, VBScript, or HTML via various means, including data, vbscript, and malformed javascript URIs in HTML tags when posting to the Discussion Board. This can lead to cross-site scripting (XSS) attacks.

Recommendations For Blackboard Learning System version 6, update to a version that includes fixes for the XSS vulnerabilities. For Blackboard Learning and Community Portal Suite version 6.2.3.23, update to a version that includes fixes for the XSS vulnerabilities. For Blackboard Vista version 4, update to a version that includes fixes for the XSS vulnerabilities. As a temporary workaround, consider restricting user input in the Discussion Board to minimize the risk of exploitation.