VYPR
Unrated severityNVD Advisory· Published Sep 12, 2006· Updated Jun 16, 2026

CVE-2006-4712

CVE-2006-4712

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sage/Sage2 versions
    cpe:2.3:a:sage:sage:1.3.6:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sage:sage:1.3.6:*:*:*:*:*:*:*
    • (no CPE)range: <=1.3.6

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.