PublicDate: 2006-09-12 16:07:00 UTC
Candidate: CVE-2006-4712
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4712
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow
 remote attackers to inject arbitrary web script or HTML via JavaScript in a
 content:encoded element within an item element in an RSS feed, as
 demonstrated by four example content:encoded elements that use
 XMLHttpRequest to read arbitrary local files, aka "Cross Context
 Scripting."
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
dapper_firefox-sage: DNE
edgy_firefox-sage: DNE
feisty_firefox-sage: released (1.3.6-4)
devel_firefox-sage: released (1.3.6-4)
upstream_firefox-sage: needs-triage