CVE-2006-6919

Sažetak

Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.

Reference

http://michaeldaw.org/md-hacks/rss-injection-in-sage-part-2/
http://secunia.com/advisories/22809
http://www.securityfocus.com/archive/1/452010/100/0/threaded
http://www.vupen.com/english/advisories/2006/4426
https://exchange.xforce.ibmcloud.com/vulnerabilities/30179

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:29

Objavljeno

11-01-2007 - 23:28