3 matches found
FreshRSS Cross-Site Request Forgery Vulnerability
FreshRSS is a free, self-hosted RSS aggregator from FreshRSS Open Source. A cross-site request forgery vulnerability exists in versions of FreshRSS prior to 1.26.2, which stems from mishandling of malicious feed entries and could result in a denial of service...
PT-2023-18666 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.6. Description: The issue concerns cross-site scripting via malicious RSS feeds. An administrator can import a malicious RSS feed containing cross-site scripting (XSS) payloads inside RSS links. When victims visit the...
Sage vulnerable to arbitrary script execution
Overview: Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact: An arbitrary script may be executed on Mozilla...