Search...

JVN#77947437: RSSOwl vulnerable to arbitrary script execution

2012-05-25T00:00:00

ID JVN:77947437
Type jvn
Reporter Japan Vulnerability Notes
Modified 2012-05-30T00:00:00

Description

## Description

RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.

## Impact

An arbitrary script may be executed on the user's web browser.

## Solution

Update the software
Update to the latest version according to the information provided by the developer.

## Products Affected

RSSOwl versions prior to 2.1.1

JSON Vulners Source

Initial Source

{"id": "JVN:77947437", "bulletinFamily": "info", "title": "JVN#77947437: RSSOwl vulnerable to arbitrary script execution", "description": "\n ## Description\n\nRSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * RSSOwl versions prior to 2.1.1 \n\n", "published": "2012-05-25T00:00:00", "modified": "2012-05-30T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://jvn.jp/en/jp/JVN77947437/index.html", "reporter": "Japan Vulnerability Notes", "references": [], "cvelist": ["CVE-2012-1252"], "type": "jvn", "lastseen": "2019-05-29T17:21:46", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2012-1252"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "\n ## Description\n\nRSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * RSSOwl versions prior to 2.1.1 \n\n", "edition": 1, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "52fca8528ade4ed23e966ac076cc90ab02b897de95293ab7a1ea48b3ab058872", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "8b7ae13ae8ec1d63ca8003f0d75e919a", "key": "published"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "507a1803138617c25061d1688b233774", "key": "description"}, {"hash": "a4bbd40da46b380b08353ff92d2bc1be", "key": "cvelist"}, {"hash": "9df6d953e0e0b3954e5b97b5751df736", "key": "href"}, {"hash": "daaa496d8bfa1a8534a37575e35f2aab", "key": "title"}, {"hash": "f9fe4a10564fea839585169312e4edf9", "key": "modified"}], "history": [], "href": "http://jvn.jp/en/jp/JVN77947437/index.html", "id": "JVN:77947437", "lastseen": "2017-03-23T17:09:48", "modified": "2012-05-30T00:00:00", "objectVersion": "1.2", "published": "2012-05-25T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#77947437: RSSOwl vulnerable to arbitrary script execution", "type": "jvn", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2017-03-23T17:09:48"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2012-1252"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "\n ## Description\n\nRSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * RSSOwl versions prior to 2.1.1 \n\n", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-08-31T00:36:24", "references": [{"idList": ["CVE-2012-1252"], "type": "cve"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "52fca8528ade4ed23e966ac076cc90ab02b897de95293ab7a1ea48b3ab058872", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "8b7ae13ae8ec1d63ca8003f0d75e919a", "key": "published"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "507a1803138617c25061d1688b233774", "key": "description"}, {"hash": "a4bbd40da46b380b08353ff92d2bc1be", "key": "cvelist"}, {"hash": "9df6d953e0e0b3954e5b97b5751df736", "key": "href"}, {"hash": "daaa496d8bfa1a8534a37575e35f2aab", "key": "title"}, {"hash": "f9fe4a10564fea839585169312e4edf9", "key": "modified"}], "history": [], "href": "http://jvn.jp/en/jp/JVN77947437/index.html", "id": "JVN:77947437", "lastseen": "2018-08-31T00:36:24", "modified": "2012-05-30T00:00:00", "objectVersion": "1.3", "published": "2012-05-25T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#77947437: RSSOwl vulnerable to arbitrary script execution", "type": "jvn", "viewCount": 1}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-31T00:36:24"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2012-1252"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\n ## Description\n\nRSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information.\n\n ## Impact\n\nAn arbitrary script may be executed on the user's web browser. \n\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer. \n\n\n ## Products Affected\n\n * RSSOwl versions prior to 2.1.1 \n\n", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "6edb03fe1339f2ef95e4d689aab1e9fa70de34366540e5c16282701387a44a9d", "hashmap": [{"hash": "933e37c2beeefe4a041a3b0ae38030c5", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e2bd4f48ef6667ad18b60c1e8f34deb7", "key": "type"}, {"hash": "8b7ae13ae8ec1d63ca8003f0d75e919a", "key": "published"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "507a1803138617c25061d1688b233774", "key": "description"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a4bbd40da46b380b08353ff92d2bc1be", "key": "cvelist"}, {"hash": "9df6d953e0e0b3954e5b97b5751df736", "key": "href"}, {"hash": "daaa496d8bfa1a8534a37575e35f2aab", "key": "title"}, {"hash": "f9fe4a10564fea839585169312e4edf9", "key": "modified"}], "history": [], "href": "http://jvn.jp/en/jp/JVN77947437/index.html", "id": "JVN:77947437", "lastseen": "2018-08-30T20:36:40", "modified": "2012-05-30T00:00:00", "objectVersion": "1.3", "published": "2012-05-25T00:00:00", "references": [], "reporter": "Japan Vulnerability Notes", "title": "JVN#77947437: RSSOwl vulnerable to arbitrary script execution", "type": "jvn", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T20:36:40"}], "edition": 4, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "a4bbd40da46b380b08353ff92d2bc1be"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "description", "hash": "507a1803138617c25061d1688b233774"}, {"key": "href", "hash": "9df6d953e0e0b3954e5b97b5751df736"}, {"key": "modified", "hash": "f9fe4a10564fea839585169312e4edf9"}, {"key": "published", "hash": "8b7ae13ae8ec1d63ca8003f0d75e919a"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "933e37c2beeefe4a041a3b0ae38030c5"}, {"key": "title", "hash": "daaa496d8bfa1a8534a37575e35f2aab"}, {"key": "type", "hash": "e2bd4f48ef6667ad18b60c1e8f34deb7"}], "hash": "e74be1e48ce7b2e2e58e6b09faf8ec9f5d7970a9e890aa881f5f5398ab29981e", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1252"]}], "modified": "2019-05-29T17:21:46"}, "score": {"value": 5.0, "vector": "NONE", "modified": "2019-05-29T17:21:46"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:12:21", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760.", "modified": "2012-06-05T04:00:00", "id": "CVE-2012-1252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1252", "published": "2012-06-04T15:55:00", "title": "CVE-2012-1252", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}