RSSOwl RSS Feeds Multiple HTML Injection Vulnerabilities
BID:53686
Info
| Bugtraq ID: | 53686 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 25 2012 12:00AM |
| Updated: | May 25 2012 12:00AM |
| Credit: | Daiki Fukumori of Cyber Defense Institute |
| Vulnerable: | RSSOwl RSSOwl 1.2.3; RSSOwl RSSOwl 1.2.2; RSSOwl RSSOwl 1.2.1; RSSOwl RSSOwl 2.1 |
| Not Vulnerable: | RSSOwl RSSOwl 2.1.1 |
Discussion
RSSOwl is prone to multiple HTML-injection vulnerabilities.
Attackers can exploit these issues to run arbitrary code within the context of the site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks.
RSSOwl versions prior to 2.1.1 are vulnerable.
Exploit / POC
An attacker must entice a user to subscribe to a malicious feed with the affected application.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References: