CVE-2007-0896

Name of the Vulnerable Software and Affected Versions: Sage versions prior to 1.3.10 Sage++ (affected versions not specified)

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a specific sequence in an RSS feed.

Recommendations: For Sage versions prior to 1.3.10, update to version 1.3.10 or later. At the moment, there is no information about a fix for Sage++; consider restricting the use of RSS feeds in Sage++ until more information is available.