BlackBoard Academic Suite 6.2.3.23 - Frameset.jsp Cross-Domain Frameset Loading

Author: dr_insane
type: webapps
platform: jsp
port: 
date_added: 2005-12-12 
date_updated: 2013-07-12 
verified: 1 
codes: CVE-2005-4206;OSVDB-21618 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/15814/info

Blackboard Academic Suite is prone to a cross-domain frameset-loading vulnerability.

Successful exploitation may result in various attacks, such as information disclosure and session hijacking. An attacker may also be able to exploit this vulnerability to carry out phishing-style attacks.

Blackboard Academic Suite version 6.0 is reportedly affected by this issue.

http://www.example.com/webapps/portal/frameset.jsp?tab_id=[tabid]&url=[url]