Lucene search
K

25 matches found

securityvulns
securityvulns
added 2006/11/09 12:0 a.m.54 views

[Full-disclosure] RSS Injection in Sage part 2

RSS Injection is Sage part 2 2 months ago, both pdp and myself released a vulnerability and proof of concept exploit for Sage. see: http://michaeldaw.org/md-hacks/cross-context-scripting-with-sage/. This issue was resolved in Sage release 1.3.7 http://mozdev.org/bugs/showbug.cgi?id=15101. I found...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2006/10/25 12:0 a.m.15 views

Firefox Sage扩展RSS Feed脚本注入漏洞

sage是Firefox的一个灵巧的RSS和Atom feed聚合扩展。 sage在处理RSS feed中的内容标签时存在输入验证错误,远程攻击者可能利用此漏洞在用户机器上执行恶意代码。 如果用户受骗添加了恶意的RSS feed并浏览了其内容的话,就会导致在本地环境中注入并执行任意HTML和脚本代码。 Mozine Sage 1.3.6 厂商补丁: Mozine ------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://addons.mozine.org/extensions/moreinfo.php?id=12%22...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2006/09/12 4:7 p.m.35 views

CVE-2006-4712

Multiple cross-site scripting XSS vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read...

6.8CVSS5.9AI score0.02071EPSS
Exploits1References1
Cvelist
Cvelist
added 2006/09/12 4:0 p.m.28 views

CVE-2006-4712

Multiple cross-site scripting XSS vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read...

5.6AI score0.02071EPSS
Exploits1References11
exploitpack
exploitpack
added 2006/09/08 12:0 a.m.13 views

Sage 1.3.6 - Input Validation

Sage 1.3.6 - Input Validation source: https://www.securityfocus.com/bid/19928/info The application is prone to an input-validation vulnerability that allows malicious HTML and script code to be injected before it is used in dynamically generated content. Attacker-supplied HTML and script code wou...

7.4AI score
Exploits0
Rows per page
Query Builder