JVN#65869891: glucose 2 vulnerable to arbitrary script execution

ID JVN:65869891
Type jvn
Reporter Japan Vulnerability Notes
Modified 2012-01-23T00:00:00


## Description

glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output.

## Impact

An arbitrary script may be executed on the vulnerable system.

## Solution

Update the software
Update to the latest version according to the information provided by the developer.

According to the developer, there are no plans for glucose 2 to be updated or maintained. Therefore, it is recommended that users should consider to use a different product that provides similar functionality.

## Products Affected

  • glucose 2 stages prior to 6.2