Search criteria
9 vulnerabilities found for sage by sage
JVNDB-2011-000070
Vulnerability from jvndb - Published: 2011-09-02 19:19 - Updated:2011-09-02 19:19Summary
Sage vulnerable to arbitrary script execution
Details
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#30221194.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000070.html",
"dc:date": "2011-09-02T19:19+09:00",
"dcterms:issued": "2011-09-02T19:19+09:00",
"dcterms:modified": "2011-09-02T19:19+09:00",
"description": "Sage is vulnerable to arbitrary script execution.\r\n\r\nNote that this vulnerability is different from JVN#30221194.\r\n\r\nSage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000070.html",
"sec:cpe": {
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN99203127/index.html",
"@id": "JVN#99203127",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4102",
"@id": "CVE-2009-4102",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4102",
"@id": "CVE-2009-4102",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/37466",
"@id": "SA37466",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/37120",
"@id": "37120",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/54396",
"@id": "54396",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
JVNDB-2011-000069
Vulnerability from jvndb - Published: 2011-09-02 19:14 - Updated:2011-09-02 19:14Summary
Sage vulnerable to arbitrary script execution
Details
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#99203127.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000069.html",
"dc:date": "2011-09-02T19:14+09:00",
"dcterms:issued": "2011-09-02T19:14+09:00",
"dcterms:modified": "2011-09-02T19:14+09:00",
"description": "Sage is vulnerable to arbitrary script execution.\r\n\r\nNote that this vulnerability is different from JVN#99203127.\r\n\r\nSage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.\r\n\r\nYosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000069.html",
"sec:cpe": {
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000069",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN30221194/index.html",
"@id": "JVN#30221194",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3384",
"@id": "CVE-2011-3384",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3384",
"@id": "CVE-2011-3384",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
JVNDB-2007-000134
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Sage vulnerable to arbitrary script execution
Details
Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000134.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user\u0027s web browser.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000134.html",
"sec:cpe": [
{
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
{
"#text": "cpe:/a:sage:sage_plusplus",
"@product": "Sage++",
"@vendor": "Sage",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000134",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84430861/index.html",
"@id": "JVN#84430861",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0896",
"@id": "CVE-2007-0896",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0896",
"@id": "CVE-2007-0896",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24086/",
"@id": "SA24086",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22493",
"@id": "22493",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/32395",
"@id": "32395",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1017624",
"@id": "1017624",
"@source": "SECTRACK"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
CVE-2007-0896 (GCVE-0-2007-0896)
Vulnerability from nvd – Published: 2007-02-13 11:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33131",
"refsource": "OSVDB",
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017624"
},
{
"name": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html",
"refsource": "CONFIRM",
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=16320",
"refsource": "CONFIRM",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0896",
"datePublished": "2007-02-13T11:00:00",
"dateReserved": "2007-02-12T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4711 (GCVE-0-2006-4711)
Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-09-16 17:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=15101",
"refsource": "MISC",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4711",
"datePublished": "2006-09-12T16:00:00Z",
"dateReserved": "2006-09-12T00:00:00Z",
"dateUpdated": "2024-09-16T17:17:49.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4712 (GCVE-0-2006-4712)
Vulnerability from nvd – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"name": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite",
"refsource": "MISC",
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"name": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4712",
"datePublished": "2006-09-12T16:00:00",
"dateReserved": "2006-09-12T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0896 (GCVE-0-2007-0896)
Vulnerability from cvelistv5 – Published: 2007-02-13 11:00 – Updated: 2024-08-07 12:34
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33131",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a \"\u003cSCRIPT/=\u0027\u0027SRC=\u0027\" sequence in an RSS feed, a different vulnerability than CVE-2006-4712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33131",
"refsource": "OSVDB",
"url": "http://osvdb.org/33131"
},
{
"name": "1017624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017624"
},
{
"name": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html",
"refsource": "CONFIRM",
"url": "http://sage.mozdev.org/blog/archives/2007/1/sage_1_3_10_released.html"
},
{
"name": "JVN#84430861",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2384430861/index.html"
},
{
"name": "24086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24086"
},
{
"name": "22493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22493"
},
{
"name": "sage-rssfeed-xss(32395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32395"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=16320",
"refsource": "CONFIRM",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=16320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0896",
"datePublished": "2007-02-13T11:00:00",
"dateReserved": "2007-02-12T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4711 (GCVE-0-2006-4711)
Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-09-16 17:17
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-09-12T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://mozdev.org/bugs/show_bug.cgi?id=15101",
"refsource": "MISC",
"url": "http://mozdev.org/bugs/show_bug.cgi?id=15101"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4711",
"datePublished": "2006-09-12T16:00:00Z",
"dateReserved": "2006-09-12T00:00:00Z",
"dateUpdated": "2024-09-16T17:17:49.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4712 (GCVE-0-2006-4712)
Vulnerability from cvelistv5 – Published: 2006-09-12 16:00 – Updated: 2024-08-07 19:23
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka \"Cross Context Scripting.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19928"
},
{
"name": "20060908 Cross Context Scripting with Sage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445648/100/0/threaded"
},
{
"name": "http://www.snellspace.com/wp/?p=410",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=410"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml"
},
{
"name": "ADV-2006-3553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3553"
},
{
"name": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite",
"refsource": "MISC",
"url": "http://www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite"
},
{
"name": "sage-rss-xss(28855)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28855"
},
{
"name": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/cross-context-scripting-with-sage"
},
{
"name": "http://www.snellspace.com/wp/?p=448",
"refsource": "MISC",
"url": "http://www.snellspace.com/wp/?p=448"
},
{
"name": "1558",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1558"
},
{
"name": "21839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4712",
"datePublished": "2006-09-12T16:00:00",
"dateReserved": "2006-09-12T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}