19 matches found
SUSE CVE-2009-3266
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed,...
SUSE CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or URL...
UBUNTU-CVE-2021-28940
Because of an incorrectly escaped exec command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add an extra command to the curl binary. This creates an issue on the /scripts/magpiedebug.php and /scripts/magpiesimple.php pages: if you send a specific https url in the RS...
Newsbeuter Remote Command Execution Vulnerability
Newsbeuter is an open source RSS/Atom reader for text terminals running on Unix-like operating systems such as Linux, FreeBSD, and Mac OS X. It can be used in a variety of applications, such as mobile phones and mobile devices. A security vulnerability exists in the blog playback...
CVE-2012-6453
Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed...
CVE-2012-6453
Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed...
CVE-2011-3999
Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed...
CVE-2011-3384
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102...
CVE-2011-3384
CVE-2011-3384 affects the Sage Firefox add-on (versions 1.3.10 and earlier). The root cause is improper processing during HTML page output based on feed information, enabling a cross-site scripting (XSS) vulnerability that could allow arbitrary scripts to run in the user’s browser. The documented...
IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability (Windows)
This host has IBM Lotus Notes installed and is prone to an HTML injection vulnerability. OpenVAS Vulnerability Test $Id: secpodibmlotusnoteshtmlinjvulnwin.nasl 5055 2017-01-20 14:08:39Z teissa $ IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability Windows Authors: Antu Sanadi Copyright:...
Design/Logic Flaw
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...
CVE-2009-3114
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...
CVE-2009-0162
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL...
CVE-2009-0162
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL...
Input validation
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."...
Memory corruption
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption...
CVE-2007-5859
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption...