Sage Extension Feed HTML Injection Vulnerability

Bugtraq ID:	22493
Class:	Input Validation Error
CVE:	CVE-2007-0896
Remote:	Yes
Local:	No
Published:	Feb 09 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Fukumori is credited with the discovery of this vulnerability.
Vulnerable:	Sage Sage 1.3.6
Not Vulnerable:	Sage Sage 1.3.10

Sage Extension Feed HTML Injection Vulnerability

Sage Extension Feed is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Hostile HTML and script code may be injected into vulnerable sections of the application. When viewed, this code may be rendered in the browser of a user viewing a malicious RSS feed.

Sage Extension Feed 1.3.9 is vulnerable to this issue; prior versions may also be affected.

Sage Extension Feed HTML Injection Vulnerability

Attackers can exploit this issue via a web client.

A sample exploit has been provided:

• /data/vulnerabilities/exploits/Sage_RSS_exp.xml

Sage Extension Feed HTML Injection Vulnerability

Solution:
The vendor released an update to address this issue. Please see the references for more information.

Sage Extension Feed HTML Injection Vulnerability

References:

• Bugzilla Bug 16320 (Mozilla bugzilla)
  
• JVN#84430861 (JVN)
  
• Sage Blog (Sage)
  
• Sage Home Page (Sage)