Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities


Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security Vulnerabilities

Product: Feed2JS

Vendor: feed2js.org

Vulnerable Versions: v1.7

Tested Version: v1.7

Advisory Publication: May 09, 2015

Latest Update: May 09, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Proposition Details:

(1) Vendor & Product Description:

Vendor:

feed2js.org

Product & Vulnerable Versions:

Feed2JS

v1.7

Vendor URL & Download:

Feed2JS can be downloaded from here,

https://feed2js.org/index.php?s=download

Source code:

http://www.gnu.org/licenses/gpl.html

Product Introduction Overview:

“What is ‘Feed to JavaScript’? An RSS Feed is a dynamically generated summary (in XML format) of information or news published on other web sites - so when the published RSS changes, your web…
