Computer Security


Multiple RSS applications cross-site scripting
Published: 04.02.2007
Source:
SecurityVulns ID: 7175
Type: client
Threat Level: 5/10
Description: It's possible to embed scripts in RSS content.
Affected: DARKSKY : Darksky RSS 1.28
 SLEIPNIR : RSS bar for Sleipnir 1.28
 UNDONUT : RSS bar for unDonut 1.28
 SLEIPNIR : Sleipnir 2.49
 SLEIPNIR : Portable Sleipnir 2.45
 FIREFOX : Firefox Sage extension 1.3
CVE: CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.)
 CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod