

Cross-site scripting via RSS in many applications
Published: February 4, 2007
Source:
SecurityVulns ID: 7175
Type: client
Severity level: 5/10
Description: Script injection into the content of RSS news items is possible.
Affected products: DARKSKY : Darksky RSS 1.28
 SLEIPNIR : RSS bar for Sleipnir 1.28
 UNDONUT : RSS bar for unDonut 1.28
 SLEIPNIR : Sleipnir 2.49
 SLEIPNIR : Portable Sleipnir 2.45
 FIREFOX : Firefox Sage extension 1.3
CVE: CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and Portable Sleipnir 2.45 and earlier, allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.)
 CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element before the malicious script.)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod