FreshReader Feed HTML Injection Vulnerability
BID:22106
Info
FreshReader Feed HTML Injection Vulnerability
| Bugtraq ID: | 22106 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 18 2007 12:00AM |
| Updated: | Jan 18 2007 06:20PM |
| Credit: | Fukumori is credited with the discovery of this vulnerability. |
| Vulnerable: |
FreshReader FreshReader 1.0.6053100 |
| Not Vulnerable: |
FreshReader FreshReader 1.0.7010600 |
Discussion
FreshReader Feed HTML Injection Vulnerability
FreshReader is prone to a HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
FreshReader Feed versions prior to 1.0.07010600 are vulnerable to this issue.
FreshReader is prone to a HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
FreshReader Feed versions prior to 1.0.07010600 are vulnerable to this issue.
Exploit / POC
FreshReader Feed HTML Injection Vulnerability
An attacker may exploit this issue by enticing a user to view RSS feeds.
An attacker may exploit this issue by enticing a user to view RSS feeds.