Vulnerabilities > CVE-2006-6919 - Remote Security vulnerability in Sage-Mozdev Sage 1.3.8
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Sage 1.3.6 Input Validation Vulnerability. CVE-2006-6919. Remote exploits for multiple platform |
id | EDB-ID:28501 |
last seen | 2016-02-03 |
modified | 2006-09-08 |
published | 2006-09-08 |
reporter | pdp |
source | https://www.exploit-db.com/download/28501/ |
title | Sage 1.3.6 Input Validation Vulnerability |