CVE-2007-2060

Опубликовано: 18 апр. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.

Ссылки

http://osvdb.org/34534
http://secunia.com/advisories/24913
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.kb.cert.org/vuls/id/319464
Patch
US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
http://www.securityfocus.com/bid/23523
http://www.vupen.com/english/advisories/2007/1425
https://addons.mozilla.org/en-US/firefox/addon/424
https://exchange.xforce.ibmcloud.com/vulnerabilities/33693
http://osvdb.org/34534
http://secunia.com/advisories/24913
http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/
http://www.kb.cert.org/vuls/id/319464
Patch
US Government Resource
http://www.kb.cert.org/vuls/id/MIMG-6ZKP4T
http://www.securityfocus.com/bid/23523
http://www.vupen.com/english/advisories/2007/1425
https://addons.mozilla.org/en-US/firefox/addon/424
https://exchange.xforce.ibmcloud.com/vulnerabilities/33693

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wizz_computers:wizz_rss_reader:*:*:*:*:*:*:*:*

Версия до 2.1.8 (включая)

EPSS

Процентиль: 88%

0.03629

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-7jh2-p5jr-8vvw

github

почти 4 года назад