Lucene search
K

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 8:54 a.m.•6 views

Multiple SKYARC System Co., Ltd. products fail to restrict access permissions

Overview Multiple products provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the...

5.5CVSS6.7AI score0.01117EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 12:0 a.m.•40 views

JVN#41032068: Multiple SKYARC System Co., Ltd. products fail to restrict access permissions

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain an issue where access permissions are not restricted. Impact A user without the appropriate privileges may alter settings and files. Solution Apply an update Update to the latest version according to the informati...

5.5CVSS6.4AI score0.01117EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/31 12:0 a.m.•47 views

JVN#56667137: Multiple SKYARC System Co., Ltd. products vulnerable to cross-site request forgery

MTCMS and multiple Movable Type plugins provided by SKYARC System Co., Ltd. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into MTCMS or a Movable Type implementation with any of the plugins from "Products Affected" running, information...

6.8CVSS6.4AI score0.00586EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 8:49 a.m.•3 views

Touhou Hisouten vulnerable to denial-of-service

Overview Touhou Hisouten from Twilight Frontier contains a denial-of-service DoS vulnerability. Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Yu...

5CVSS6.6AI score0.01409EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 8:42 a.m.•5 views

Multiple D-Link products vulnerable to buffer overflow

Overview Multiple D-Link products contain a buffer overflow vulnerability. Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Hisashi Kojima, Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated wit...

10CVSS7.7AI score0.05465EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 8:39 a.m.•3 views

FFFTP may insecurely load executable files

Overview FFFTP may use unsafe methods for determining how to load executables .exe FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Makoto Shiotsuki reported this vulnerability to IPA. JPCERT/CC...

9.3CVSS7.5AI score0.02343EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 12:0 a.m.•33 views

JVN#50227837: Touhou Hisouten vulnerable to denial-of-service

Touhou Hisouten from Twilight Frontier is a video game which has an online match mode. Touhou Hisouten contains an issue when processing network traffic, which may result in a denial-of-service DoS. Impact A remote attacker may cause an unexpected application termination. Solution Apply a patch...

5CVSS6.4AI score0.01409EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 12:0 a.m.•45 views

JVN#72640744: Multiple D-Link products vulnerable to buffer overflow

Multiple D-Link products contain a buffer overflow vulnerability due to a SSH implementation issue. Impact A remote attacker may cause a denial of service DoS or execute arbitrary code. Solution Update the Firmware Update to the latest version of firmware according to the information provided by...

10CVSS7.8AI score0.05465EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/28 12:0 a.m.•29 views

JVN#62336482: FFFTP may insecurely load executable files

FFFTP loads certain executables when using certain functions. FFFTP contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest...

9.3CVSS7AI score0.02343EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/17 9:56 a.m.•4 views

Safari for iOS vulnerable to cross-site scripting

Overview Safari for iOS provided by Apple contains a cross-site scripting vulnerability. Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc...

4.3CVSS5.7AI score0.01821EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/17 12:0 a.m.•41 views

JVN#41657660: Safari for iOS vulnerable to cross-site scripting

Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Impact Opening a maliciously crafted file may lead to an arbitrary script being executed on the user's web browser. Solution Update...

4.3CVSS5.2AI score0.01821EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/14 8:53 a.m.•5 views

EC-CUBE vulnerable to SQL injection

Overview EC-CUBE contains a SQL injection vulnerability. EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue in assembling SQL statements, leading to a SQL injection vulnerability. This vulnerability is different from JVN81111541...

7.5CVSS7.6AI score0.02334EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/14 8:50 a.m.•4 views

DBD::mysqlPP vulnerable to SQL injection

Overview DBD::mysqlPP contains a SQL injection vulnerability. DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

7.5CVSS7.4AI score0.0111EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/14 12:0 a.m.•37 views

JVN#44496332: EC-CUBE vulnerable to SQL injection

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue in assembling SQL statements, leading to a SQL injection vulnerability. This vulnerability is different from JVN81111541 and JVN19072922. Impact A remote, unauthenticated attacke...

7.5CVSS7AI score0.02334EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/14 12:0 a.m.•26 views

JVN#51216285: DBD::mysqlPP vulnerable to SQL injection

DBD::mysqlPP is a Perl module that provides a client interface for MySQL. DBD::mysqlPP contains a SQL injection vulnerability. Impact An attacker may view or alter information stored in the database. Solution Do not use DBD::mysqlPP According to the developer, "DBD::mysqlPP was developed as a jok...

7.5CVSS6.9AI score0.0111EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 9:58 a.m.•4 views

DAEMON Tools vulnerable to denial-of-service

Overview DAEMON Tools contains a denial-of-service DoS vulnerability. DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service DoS vulnerability. Satoshi Tanda of Fourteenforty Research Institute Inc. reported this vulnerability to IPA. JPCERT/CC coordinat...

4.9CVSS6.5AI score0.00736EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 9:56 a.m.•5 views

Pligg vulnerable to cross-site scripting

Overview Pligg contains a cross-site scripting vulnerability. Pligg is a Content Management System CMS. Pligg contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

4.3CVSS6.1AI score0.0098EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 9:38 a.m.•4 views

Plume vulnerable to cross-site scripting

Overview Plume contains a cross-site scripting vulnerability. Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

2.6CVSS6AI score0.00936EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 12:0 a.m.•48 views

JVN#07414354: DAEMON Tools vulnerable to denial-of-service

DAEMON Tools is a software for optical media emulation. DAEMON Tools contains a denial-of-service DoS vulnerability. Impact An attacker that can login to the system with the software running may cause the system to crash. Solution Update the Software Update to the latest version according to the...

4.9CVSS6AI score0.00736EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 12:0 a.m.•33 views

JVN#04013920: Pligg vulnerable to cross-site scripting

Pligg is a Content Management System CMS. Pligg contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected...

4.3CVSS5.7AI score0.0098EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/13 12:0 a.m.•28 views

JVN#08307791: Plume vulnerable to cross-site scripting

Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged in as administrator. Solution Update the Software Update to the latest version according to the information provide...

2.6CVSS5.8AI score0.00936EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 10:28 a.m.•5 views

WEB FORUM vulnerable to cross-site scripting

Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin-board software. WEB FORUM contains a vulnerability in handling web form entries, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure...

4.3CVSS5.8AI score0.01403EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 10:27 a.m.•3 views

WEB FORUM vulnerable to cross-site scripting

Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui Bussan Secure...

4.3CVSS5.8AI score0.01656EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 10:24 a.m.•8 views

WEB FORUM vulnerable to cross-site scripting

Overview WEB FORUM provided by KENT-WEB contains a cross-site scripting vulnerability. WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. ISHIBASHI,Tsuyoshi of Mitsui...

5CVSS5.8AI score0.01029EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:11 a.m.•6 views

Cybozu Office vulnerable in restricting access

Overview Cybozu Office contains a vulnerability in restricting access permissions. Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

5.5CVSS6.8AI score0.01193EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:8 a.m.•6 views

A-Form vulnerable in restricting access

Overview A-Form contains a vulnerability in restricting access permissions. A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not hav...

5.5CVSS6.6AI score0.01263EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:0 a.m.•5 views

Enkai-kun vulnerable to cross-site scripting

Overview Enkai-kun provided by utage.org contains a cross-site scripting vulnerability. Ayumi Yamaguchi of Niconicom Co.,LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be execut...

5CVSS6.1AI score0.01086EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:0 a.m.•41 views

JVN#89764731: WEB FORUM vulnerable to cross-site scripting

WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in handling cookies, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according ...

4.3CVSS5.8AI score0.01656EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:0 a.m.•30 views

JVN#80971236: WEB FORUM vulnerable to cross-site scripting

WEB FORUM provided by KENT-WEB is a bulletin-board software. WEB FORUM contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...

4.3CVSS6AI score0.01403EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/11 12:0 a.m.•29 views

JVN#36684331: WEB FORUM vulnerable to cross-site scripting

WEB FORUM provided by KENT-WEB is a bulletin board software. WEB FORUM contains a vulnerability in processing the web page to be output, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the lates...

4.3CVSS5.8AI score0.01029EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/07 12:0 a.m.•27 views

JVN#03869266: Enkai-kun vulnerable to cross-site scripting

Enkai-kun provided by utage.org contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Versions prior t...

4.3CVSS5.9AI score0.01086EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/07 12:0 a.m.•45 views

JVN#84838479: Cybozu Office vulnerable in restricting access

Cybozu Office is a groupware.Cybozu Office contains a vulnerability in restricting access permissions. Impact A user without the appropriate privileges may view an arbitrary user's attendance information. Solution Upgrade the Software Upgrade to Cybozu Office 9 that has addressed this...

5.5CVSS6.5AI score0.01193EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/07 12:0 a.m.•32 views

JVN#34980730: A-Form vulnerable in restricting access

A-Form is a plug-in for Movable Type that adds mail forms and survey forms. A-Form contains a vulnerability in restricting access permissions. Impact Information managed by A-Form may be altered by a user who does not have administrative privileges. Solution Update the Software Update to the late...

5.5CVSS6.1AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/30 9:45 a.m.•5 views

BaserCMS vulnerable to access restriction

Overview BaserCMS contains a vulnerability in access restriction. BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Masako Ohn...

4.9CVSS6.6AI score0.01344EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/30 9:39 a.m.•7 views

BaserCMS vulnerable to cross-site scripting

Overview BaserCMS contains a cross-site scripting vulnerability. BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a cross-site scripting vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

4.3CVSS6.1AI score0.01542EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/30 12:0 a.m.•32 views

JVN#16617002: BaserCMS vulnerable to access restriction

BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a vulnerability in access restriction where adding a user in the user group "operators" which is created by default when BaserCMS is installed. Impact Users without administrative privileges may obtain administrative...

4.9CVSS6.2AI score0.01344EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/30 12:0 a.m.•27 views

JVN#09789751: BaserCMS vulnerable to cross-site scripting

BaserCMS is an open-source Contents Management System CMS. BaserCMS contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...

4.3CVSS6AI score0.01542EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/16 9:8 a.m.•4 views

SemanticScuttle vulnerable to cross-site scripting

Overview SemanticScuttle contains a cross-site scripting vulnerability. SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

4.3CVSS6AI score0.01263EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/16 12:0 a.m.•32 views

JVN#28973089: SemanticScuttle vulnerable to cross-site scripting

SemanticScuttle is a social bookmarking tool. SemanticScuttle contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer...

4.3CVSS5.9AI score0.01263EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/12 12:19 a.m.•4 views

Megalith vulnerable to authentication bypass

Overview Megalith contains an authentication bypass vulnerability. Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to...

7.5CVSS7AI score0.01661EPSS
Exploits0References6
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/09 12:0 a.m.•37 views

JVN#45458289: Megalith vulnerable to authentication bypass

Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected...

7.5CVSS6.7AI score0.01661EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 10:26 a.m.•5 views

GTK+ may insecurely load dynamic libraries

Overview GTK+ may use unsafe methods for determining how to load DLLs. GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Naoto Katsumi of LAC Co., Ltd. reported this vulnerability to IP...

6.9CVSS7.4AI score0.0039EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 10:22 a.m.•4 views

Juniper Networks IDP ACM vulnerable to cross-site scripting

Overview Juniper Networks IDP ACM Appliance Configuration Manager contains a cross-site scripting vulnerability. Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Lt...

4.3CVSS6.1AI score0.01042EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 10:19 a.m.•3 views

Sage vulnerable to arbitrary script execution

Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN30221194. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...

9.3CVSS6.8AI score0.0339EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 10:14 a.m.•4 views

Sage vulnerable to arbitrary script execution

Overview Sage is vulnerable to arbitrary script execution. Note that this vulnerability is different from JVN99203127. Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output...

5.8CVSS9.1AI score0.00845EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 10:11 a.m.•6 views

Multiple vulnerabilities in Phorum

Overview Phorum contains multiple vulnerabilities. Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

6.8CVSS6.4AI score0.01042EPSS
Exploits0References8
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•39 views

JVN#71435255: Multiple vulnerabilities in Phorum

Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Impact An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in. Solution Update the software Update to the lates...

6.8CVSS5.8AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•36 views

JVN#44642341: Juniper Networks IDP ACM vulnerable to cross-site scripting

Juniper Networks IDP ACM provides a web interface for changing configurations in the IDP. The ACM contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the...

4.3CVSS5.9AI score0.01042EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•53 views

JVN#99203127: Sage vulnerable to arbitrary script execution

Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...

9.3CVSS5.9AI score0.0339EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/02 12:0 a.m.•40 views

JVN#30221194: Sage vulnerable to arbitrary script execution

Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's Mozilla...

4.3CVSS9.3AI score0.00845EPSS
Exploits0
Total number of security vulnerabilities5625