Unrated severity · NVD Advisory · Published Sep 12, 2006 · Updated Apr 16, 2026
CVE-2006-4712
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
Affected products (1)
Patches (0)
No patches discovered yet.
References (11)
- downloads.securityfocus.com/vulnerabilities/exploits/sage-inputvalidation.xml (nvd, Exploit)
- www.securityfocus.com/bid/19928 (nvd, Exploit)
- secunia.com/advisories/21839 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2006/3553 (nvd, Vendor Advisory)
- securityreason.com/securityalert/1558 (nvd)
- www.gnucitizen.org/blog/cross-context-scripting-with-sage (nvd)
- www.intertwingly.net/blog/2006/08/09/Attack-Delivery-TestSuite (nvd)
- www.securityfocus.com/archive/1/445648/100/0/threaded (nvd)
- www.snellspace.com/wp/ (nvd)
- www.snellspace.com/wp/ (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/28855 (nvd)