Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-3384
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-3384

2022-10-0316:15:06
CWE-79
[email protected]
web.nvd.nist.gov
24
cve-2011-3384
cross-site scripting
xss
sage add-on
firefox
remote attackers
arbitrary web script
html
crafted feed

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON

Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.

Affected configurations

NVD
Node
sage-mozdevsageRange1.3.10
OR
sage-mozdevsageMatch1.3.8
AND
mozillafirefox

Related

cvelist 2
nvd 2
prion 2
jvn 2
securityvulns 2
openvas 2
seebug 1
ubuntucve 1
cve 1
nessus 1
debian 1
rosalinux 2
cvelist
cvelist
CVE-2011-3384
2022-10-03 16:15:06
CVE-2009-4102
2009-11-28 11:00:00
nvd
nvd
CVE-2011-3384
2011-09-08 18:55:01
CVE-2009-4102
2009-11-29 13:08:29
prion
prion
Cross site scripting
2011-09-08 18:55:00
Cross site scripting
2009-11-29 13:08:00
jvn
jvn
JVN#30221194: Sage vulnerable to arbitrary script execution
2011-09-02 00:00:00
JVN#99203127: Sage vulnerable to arbitrary script execution
2011-09-02 00:00:00
securityvulns
securityvulns
firefox-sage RSS reader crossite scripting
2009-12-15 00:00:00
[SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing
2009-12-15 00:00:00
openvas
openvas
Debian Security Advisory DSA 1951-1 (firefox-sage)
2009-12-30 00:00:00
Debian: Security Advisory (DSA-1951-1)
2009-12-30 00:00:00
seebug
seebug
Firefox Sage扩展RSS源跨域脚本执行漏洞
2009-12-03 00:00:00
ubuntucve
ubuntucve
CVE-2009-4102
2009-11-29 00:00:00
cve
cve
CVE-2009-4102
2009-11-29 13:08:29
nessus
nessus
Debian DSA-1951-1 : firefox-sage - insufficient input sanitising
2010-02-24 00:00:00
debian
debian
[SECURITY] [DSA 1951-1] New firefox-sage packages fix insufficient input sanitizing
2009-12-15 11:55:16
rosalinux
rosalinux
Advisory ROSA-SA-2024-2371
2024-03-12 12:37:38
Advisory ROSA-SA-2024-2370
2024-03-12 08:35:15

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.2%

JSON
Related for CVE-2011-3384
cvelist2nvd2prion2jvn2securityvulns2openvas2seebug1ubuntucve1cve1nessus1debian1rosalinux2