Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-0896. PoCs published by Fukumori.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Sage Extension Feed 1.3.9, where malicious script code can be injected into an RSS feed. The PoC uses a crafted RSS feed with a script tag to trigger XSS when rendered in a user's browser.
Description
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in Sage Extension Feed 1.3.9, where malicious script code can be injected into an RSS feed. The PoC uses a crafted RSS feed with a script tag to trigger XSS when rendered in a user's browser.