Sage: >> Sage >> 1.0_beta_3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
CVSS Score
4.3
EPSS Score
0.09
Published
2007-02-13
Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.
CVSS Score
5.0
EPSS Score
0.034
Published
2003-12-31
Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2003-12-31