Published: 13/02/2007 Updated: 29/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the (1) Sage prior to 1.3.10, and (2) Sage++ extensions for Firefox, allows remote malicious users to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
sage sage 1.3.6
sage sage
sage sage 1.0_beta_3

source: wwwsecurityfocuscom/bid/22493/info Sage Extension Feed is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content Hostile HTML and script code may be injected into vulnerable sections of the application When viewed, this cod ...

CWE-79 http://jvn.jp/jp/JVN%2384430861/index.html http://mozdev.org/bugs/show_bug.cgi?id=16320 http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html http://secunia.com/advisories/24086 http://www.securityfocus.com/bid/22493 http://www.securitytracker.com/id?1017624 http://osvdb.org/33131 https://exchange.xforce.ibmcloud.com/vulnerabilities/32395 https://nvd.nist.gov https://www.exploit-db.com/exploits/29573/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-0896

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect