Refine your search
3 vulnerabilities found for Sage by Sage
jvndb-2011-000070
Vulnerability from jvndb
Published
2011-09-02 19:19
Modified
2011-09-02 19:19
Summary
Sage vulnerable to arbitrary script execution
Details
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#30221194.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000070.html",
"dc:date": "2011-09-02T19:19+09:00",
"dcterms:issued": "2011-09-02T19:19+09:00",
"dcterms:modified": "2011-09-02T19:19+09:00",
"description": "Sage is vulnerable to arbitrary script execution.\r\n\r\nNote that this vulnerability is different from JVN#30221194.\r\n\r\nSage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000070.html",
"sec:cpe": {
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000070",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN99203127/index.html",
"@id": "JVN#99203127",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4102",
"@id": "CVE-2009-4102",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4102",
"@id": "CVE-2009-4102",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/37466",
"@id": "SA37466",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/37120",
"@id": "37120",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/54396",
"@id": "54396",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
jvndb-2011-000069
Vulnerability from jvndb
Published
2011-09-02 19:14
Modified
2011-09-02 19:14
Summary
Sage vulnerable to arbitrary script execution
Details
Sage is vulnerable to arbitrary script execution.
Note that this vulnerability is different from JVN#99203127.
Sage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.
Yosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000069.html",
"dc:date": "2011-09-02T19:14+09:00",
"dcterms:issued": "2011-09-02T19:14+09:00",
"dcterms:modified": "2011-09-02T19:14+09:00",
"description": "Sage is vulnerable to arbitrary script execution.\r\n\r\nNote that this vulnerability is different from JVN#99203127.\r\n\r\nSage is an addon for Mozilla Firefox that adds an RSS/Atom feed reader. Sage is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.\r\n\r\nYosuke HASEGAWA of NetAgent Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000069.html",
"sec:cpe": {
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000069",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN30221194/index.html",
"@id": "JVN#30221194",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3384",
"@id": "CVE-2011-3384",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3384",
"@id": "CVE-2011-3384",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}
jvndb-2007-000134
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Sage vulnerable to arbitrary script execution
Details
Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000134.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user\u0027s web browser.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000134.html",
"sec:cpe": [
{
"#text": "cpe:/a:sage:sage",
"@product": "Sage",
"@vendor": "Sage",
"@version": "2.2"
},
{
"#text": "cpe:/a:sage:sage_plusplus",
"@product": "Sage++",
"@vendor": "Sage",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000134",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN84430861/index.html",
"@id": "JVN#84430861",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0896",
"@id": "CVE-2007-0896",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0896",
"@id": "CVE-2007-0896",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/24086/",
"@id": "SA24086",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/22493",
"@id": "22493",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/32395",
"@id": "32395",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1017624",
"@id": "1017624",
"@source": "SECTRACK"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sage vulnerable to arbitrary script execution"
}