Sage IMG Element Input Validation Vulnerability

Bugtraq ID:	21164
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Sep 08 2006 12:00AM
Updated:	Nov 22 2006 07:05PM
Credit:	Kevin Kierznowski, pdp and Kevin Hamilton are credited with discovering this issue.
Vulnerable:	Sage Sage 1.3.8 Sage Sage 1.3.7 Sage Sage 1.3.6
Not Vulnerable:

Sage IMG Element Input Validation Vulnerability

The application is prone to an input-validation vulnerability that allows malicious HTML and script code to be injected before it is used in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected application, potentially allowing an attacker to steal cookie-based authentication credentials; other attacks are also possible.

Sage IMG Element Input Validation Vulnerability

To exploit this issue, an attacker must entice a victim to subscribe to an RSS feed that contains malicious HTML and script code and then to read the malicious content with the affected application.

The following proofs of concept are available:

• /data/vulnerabilities/exploits/21164.html
• /data/vulnerabilities/exploits/21164.xml

Sage IMG Element Input Validation Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Sage IMG Element Input Validation Vulnerability

References:

• Sage Home Page (Sage)
  
• Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING (pagvac)