Ziepod+ Podcast Feed Javascript Code Injection Vulnerability

Bugtraq ID:	39930
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 05 2010 12:00AM
Updated:	May 05 2010 12:00AM
Credit:	sinn3r
Vulnerable:	Ziemantics Ziepod+ 1.0
Not Vulnerable:

Ziepod+ Podcast Feed Javascript Code Injection Vulnerability

Ziepod+ is prone to a remote Javascript code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary malicious Javascript code within the context of the affected application. Successful exploits will compromise the affected application and the underlying system; other attacks are also possible.

Ziepod+ 1.0 is vulnerable; other versions may also be affected.

Ziepod+ Podcast Feed Javascript Code Injection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to subscribe to a malicious podcast feed.

The following example code is available.

• /data/vulnerabilities/exploits/39930.py

Ziepod+ Podcast Feed Javascript Code Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Ziepod+ Podcast Feed Javascript Code Injection Vulnerability

References:

• Ziemantics Homepage (Ziemantics)
  
• Ziepod+ Homepage (Ziemantics)