9 matches found
EUVD-2009-4073
Malware in sbrugna...
Sage 1.3.6 Extension Feed HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22493/info Sage Extension Feed is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Hostile HTML and script...
Firefox Sage extension RSS feeds cross-domain scripting vulnerability-vulnerability warning-the black bar safety net
Affected version: Mozilla Sage 1.4.3 vulnerability description: BUGTRAQ ID: 3 7 1 2 0 CVECAN ID: CVE-2 0 0 9-4 1 0 2 Sage is a Firefox the use of lightweight RSS and Atom aggregator Controller extension. Sage does not correctly filter the RSS feeds in the description tag input will be used to...
CVE-2009-4102
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed...
CVE-2009-4102
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed...
Sage 1.3.6 - Extension Feed HTML Injection
source: https://www.securityfocus.com/bid/22493/info Sage Extension Feed is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Hostile HTML and script code may be injected into vulnerabl...
CVE-2006-6919
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing "", which Sage modifies to close the img element before the malicious script...
CVE-2006-6919
The CVE-2006-6919 vulnerability affects the Firefox Sage extension (version 1.3.8 and earlier). An RSS feed containing an img tag with an embedded script and a trailing ">" can be manipulated so Sage closes the img element before the malicious script is executed, enabling remote JavaScript exe...
CVE-2006-6919
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing "", which Sage modifies to close the img element before the malicious script...