CVE-2011-3384

Sage add-on <1.3.10 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.

References (2)

[Third Party Advisory] http://jvn.jp/en/jp/JVN30221194/index.html

[Third Party Advisory] http://jvndb.jvn.jp/jvndb/JVNDB-2011-000069

Scores

EPSS 0.0022

EPSS Percentile 45.0%

Classification

CWE

CWE-79

Status published

Affected Products (3)

sage-mozdev/sage < 1.3.10

sage-mozdev/sage

n/a/n/a

Timeline

Published Sep 08, 2011

Tracked Since Feb 18, 2026