CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-3914

MEDIUM
6.0
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile0.80th
Published2006年7月28日
Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.

Affected Platforms (CPE)

📦
Blackboard

Blackboard Academic Suite

= 6.2.3.23

References & Advisories

🔗 http://securityreason.com/securityalert/1295
🔗 http://securitytracker.com/id?1016556
🔗 http://www.securityfocus.com/archive/1/440888/100/0/threaded
🔗 http://www.securityfocus.com/bid/19101
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/27895
🔗 http://securityreason.com/securityalert/1295
🔗 http://securitytracker.com/id?1016556
🔗 http://www.securityfocus.com/archive/1/440888/100/0/threaded

関連する脆弱性情報

CVE-2005-433810.0

announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions befor...

CVE-2005-43377.5

The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before...

CVE-2008-18836.8

The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easie...

CVE-2005-42066.1

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote a...