Description
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Jan Fry · text · remote · multiple
https://www.exploit-db.com/exploits/31047
References (9)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39835
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27394
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41006
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486829/100/0/threaded
Various Sources x_refsource_confirm
http://novemberborn.net/sifr/2.0.3
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3571
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487585/100/200/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486787/100/0/threaded
Various Sources x_refsource_misc
http://www.procheckup.com/Vulnerability_PR07-38.php
Scores
EPSS
0.1055
EPSS Percentile
93.3%
Details
CWE
CWE-79
Status
published
Products (1)
novemberborn/sifr
2.0.2
Published
Jan 23, 2008
Tracked Since
Feb 18, 2026