CVE-2005-4206

moderate-risk
Published 2005-12-13

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.

Do I need to act?

~
5.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
26778
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Blackboard

References (10)

Broken Link http://secunia.com/advisories/17991
Broken Link http://www.ipomonis.com/advisories/Bb_6.zip
Broken Link http://www.osvdb.org/21618
Broken Link http://www.securityfocus.com/bid/15814
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/23558
Broken Link http://secunia.com/advisories/17991
Broken Link http://www.ipomonis.com/advisories/Bb_6.zip
Broken Link http://www.osvdb.org/21618
Broken Link http://www.securityfocus.com/bid/15814
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/23558
48
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 16/34 · Moderate
Exposure 9/34 · Low