Back to search
CVE-2008-0438
Published: Jan 23, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated by fonts/FuturaLt.swf.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
41006
vdb-entry
x_refsource_OSVDB
20080122 Re: PR07-38: XSS on sIFR
mailing-list
x_refsource_BUGTRAQ
http://novemberborn.net/sifr/2.0.3
x_refsource_CONFIRM
sifr-fontname-xss(39835)
vdb-entry
x_refsource_XF
3571
third-party-advisory
x_refsource_SREASON
27394
vdb-entry
x_refsource_BID
20080205 Re: PR07-38: XSS on sIFR
mailing-list
x_refsource_BUGTRAQ
20080122 PR07-38: XSS on sIFR
mailing-list
x_refsource_BUGTRAQ
http://www.procheckup.com/Vulnerability_PR07-38.php
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now