PT-2006-4760 · Blackboard · Blackboard Academic Suite

Harbl

Published

2006-07-28

Updated

2018-10-17

CVE-2006-3914

CVSS v2.0

6.0

Medium

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Blackboard Academic Suite version 6.2.3.23

Description A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation. This is achieved by disabling JavaScript when submitting an essay response. The injected script is not validated on the server-side before being viewed via "View Attempt Details" in the Gradebook.

Recommendations For Blackboard Academic Suite version 6.2.3.23, consider disabling JavaScript validation for essay responses until a patch is available, and ensure server-side validation is implemented for all user-submitted content to prevent arbitrary HTML or web script injection.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3914

Affected Products

Blackboard Academic Suite

PT-2006-4760 · Blackboard · Blackboard Academic Suite

CVE-2006-3914

Related Identifiers

Affected Products

References · 7