Search criteria
12 vulnerabilities found for sage by sage
JVNDB-2011-000070
Vulnerability from jvndb - Published: 2011-09-02 19:19 - Updated: 2011-09-02 19:19
Summary
Sage vulnerable to arbitrary script execution
Details
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#30221194.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000070.html",
"dc:date": "2011-09-02T19:19+09:00",
"dcterms:issued": "2011-09-02T19:19+09:00",
"dcterms:modified": "2011-09-02T19:19+09:00",
"description": "Sage is vulnerable to arbitrary script execution.\r\n\r\nNote that this vulnerability is different from JVN#30221194.\r\n\r\nSage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000070.html",
"sec:cpe": {
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN99203127/index.html",
"@id": "JVN#99203127",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4102",
"@id": "CVE-2009-4102",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4102",
"@id": "CVE-2009-4102",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/37466",
"@id": "SA37466",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/37120",
"@id": "37120",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/54396",
"@id": "54396",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
JVNDB-2011-000069
Vulnerability from jvndb - Published: 2011-09-02 19:14 - Updated: 2011-09-02 19:14
Summary
Sage vulnerable to arbitrary script execution
Details
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#99203127.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000069.html",
"dc:date": "2011-09-02T19:14+09:00",
"dcterms:issued": "2011-09-02T19:14+09:00",
"dcterms:modified": "2011-09-02T19:14+09:00",
"description": "Sage is vulnerable to arbitrary script execution.\r\n\r\nNote that this vulnerability is different from JVN#99203127.\r\n\r\nSage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.\r\n\r\nYosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000069.html",
"sec:cpe": {
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000069",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN30221194/index.html",
"@id": "JVN#30221194",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3384",
"@id": "CVE-2011-3384",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3384",
"@id": "CVE-2011-3384",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
JVNDB-2007-000134
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated: 2008-05-21 00:00
Summary
Sage vulnerable to arbitrary script execution
Details
Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000134.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user\u0027s web browser.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000134.html",
"sec:cpe": [
{
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
{
"#text": "cpe:/a:sage:sage_plusplus",
"@product": "Sage++",
"@vendor": "Sage",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000134",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84430861/index.html",
"@id": "JVN#84430861",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0896",
"@id": "CVE-2007-0896",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0896",
"@id": "CVE-2007-0896",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24086/",
"@id": "SA24086",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22493",
"@id": "22493",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/32395",
"@id": "32395",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1017624",
"@id": "1017624",
"@source": "SECTRACK"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
FKIE_CVE-2007-0896
Vulnerability from fkie_nvd - Published: 2007-02-13 11:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://jvn.jp/jp/JVN%2384430861/index.html | Vendor Advisory | |
| cve@mitre.org | http://mozdev.org/bugs/show_bug.cgi?id=16320 | ||
| cve@mitre.org | http://osvdb.org/33131 | ||
| cve@mitre.org | http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html | ||
| cve@mitre.org | http://secunia.com/advisories/24086 | Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/22493 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1017624 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32395 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2384430861/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mozdev.org/bugs/show_bug.cgi?id=16320 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/33131 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24086 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22493 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017624 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32395 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sage:sage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB12631D-489F-45BC-AC38-625E26668C45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sage:sage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1BE0EA-6FCE-48C7-97C8-CE2BFC13F318",
"versionEndIncluding": "1.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sage:sage:1.0_beta_3:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F2C14A-1F30-4E88-9DE6-E0D456BC03F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sage:sage:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "396044E4-866F-455F-87BE-0D14BF7960E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting(XSS) en (1) Sage versiones anteriores a 1.3.10, y (2) extensiones de Sage++ para Firefox, permite a atacantes remotos inyectar script web o HTML arbitrario a por medio de una secuencia \"(SCRIPT/=\u0027\u0027SRC=\u0027\" en un fuente RSS, una vulnerabilidad diferente de CVE-2006-4712."
}
],
"id": "CVE-2007-0896",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-02-13T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33131"
},
{
"source": "cve@mitre.org",
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24086"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22493"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017624"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33131"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4711
Vulnerability from fkie_nvd - Published: 2006-09-12 16:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://mozdev.org/bugs/show_bug.cgi?id=15101 | Exploit | |
| cve@mitre.org | http://www.snellspace.com/wp/?p=410 | ||
| cve@mitre.org | http://www.snellspace.com/wp/?p=448 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mozdev.org/bugs/show_bug.cgi?id=15101 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.snellspace.com/wp/?p=410 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.snellspace.com/wp/?p=448 | Exploit |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sage:sage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB12631D-489F-45BC-AC38-625E26668C45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sage permite a un atacante remoto inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del alimentador Atom 1.0, seg\u00fan lo demostrado por en cierto casos deprueba de la suite de prueba del lector James M. Snell Atom 1.0."
}
],
"id": "CVE-2006-4711",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-12T16:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"source": "cve@mitre.org",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4712
Vulnerability from fkie_nvd - Published: 2006-09-12 16:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml | Exploit | |
| cve@mitre.org | http://secunia.com/advisories/21839 | Vendor Advisory | |
| cve@mitre.org | http://securityreason.com/securityalert/1558 | ||
| cve@mitre.org | http://www.gnucitizen.org/blog/cross-context-scripting-with-sage | ||
| cve@mitre.org | http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/445648/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/19928 | Exploit | |
| cve@mitre.org | http://www.snellspace.com/wp/?p=410 | ||
| cve@mitre.org | http://www.snellspace.com/wp/?p=448 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/3553 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28855 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21839 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1558 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gnucitizen.org/blog/cross-context-scripting-with-sage | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/445648/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19928 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.snellspace.com/wp/?p=410 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.snellspace.com/wp/?p=448 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3553 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28855 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sage:sage:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "396044E4-866F-455F-87BE-0D14BF7960E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sage 1.3.6 permite a un atacante remoto inyectar secuencias de comandos web o HTMl de su elecci\u00f3n a trav\u00e9s de JavaScript en un contenido: elemento codificado dentro de un elemento del art\u00edculo en un alimentador RSS, como quedo demostrado por cuatrp ejemplos: elementos codificados que utilizaban XMLHttpRequest para leer archivos locales arbitrarios, tambi\u00e9n conocidos como \u201csecuencia de comandos de sitios cruzados\u201d ."
}
],
"id": "CVE-2006-4712",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-12T16:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21839"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1558"
},
{
"source": "cve@mitre.org",
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"source": "cve@mitre.org",
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"source": "cve@mitre.org",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"source": "cve@mitre.org",
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2007-0896 (GCVE-0-2007-0896)
Vulnerability from cvelistv5 – Published: 2007-02-13 11:00 – Updated: 2024-08-07 12:34
Summary
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33131",
"refsource": "OSVDB",
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017624"
},
{
"name": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html",
"refsource": "CONFIRM",
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=16320",
"refsource": "CONFIRM",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0896",
"datePublished": "2007-02-13T11:00:00",
"dateReserved": "2007-02-12T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4712 (GCVE-0-2006-4712)
Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"name": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite",
"refsource": "MISC",
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"name": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4712",
"datePublished": "2006-09-12T16:00:00",
"dateReserved": "2006-09-12T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4711 (GCVE-0-2006-4711)
Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-09-16 17:17
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=15101",
"refsource": "MISC",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4711",
"datePublished": "2006-09-12T16:00:00Z",
"dateReserved": "2006-09-12T00:00:00Z",
"dateUpdated": "2024-09-16T17:17:49.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0896 (GCVE-0-2007-0896)
Vulnerability from nvd – Published: 2007-02-13 11:00 – Updated: 2024-08-07 12:34
Summary
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33131",
"refsource": "OSVDB",
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017624"
},
{
"name": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html",
"refsource": "CONFIRM",
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=16320",
"refsource": "CONFIRM",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0896",
"datePublished": "2007-02-13T11:00:00",
"dateReserved": "2007-02-12T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4712 (GCVE-0-2006-4712)
Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"name": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite",
"refsource": "MISC",
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"name": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4712",
"datePublished": "2006-09-12T16:00:00",
"dateReserved": "2006-09-12T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4711 (GCVE-0-2006-4711)
Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-09-16 17:17
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=15101",
"refsource": "MISC",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4711",
"datePublished": "2006-09-12T16:00:00Z",
"dateReserved": "2006-09-12T00:00:00Z",
"dateUpdated": "2024-09-16T17:17:49.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}