CVE-2007-0896
published 2007-02-13CVE-2007-0896: Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
1.88%
76.8th percentile
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sage | sage | <= 1.3.9 | — |
| sage | sage | — | — |
| sage | sage | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://jvn.jp/jp/JVN%2384430861/index.htmlhttp://mozdev.org/bugs/show_bug.cgi?id=16320http://osvdb.org/33131http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.htmlhttp://secunia.com/advisories/24086http://www.securityfocus.com/bid/22493http://www.securitytracker.com/id?1017624https://exchange.xforce.ibmcloud.com/vulnerabilities/32395http://jvn.jp/jp/JVN%2384430861/index.htmlhttp://mozdev.org/bugs/show_bug.cgi?id=16320http://osvdb.org/33131http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.htmlhttp://secunia.com/advisories/24086http://www.securityfocus.com/bid/22493http://www.securitytracker.com/id?1017624https://exchange.xforce.ibmcloud.com/vulnerabilities/32395
2007-02-13
Published