Feedparser Security Vulnerabilities and Issues — Feedparser CVE List

cve

CVE-2009-5065

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.

5.4AI Score

0.011EPSS

2011-04-11 06:55 PM

55

cve

CVE-2011-1156

feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.

6.3AI Score

0.059EPSS

2011-04-11 06:55 PM

70

cve

CVE-2011-1157

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.

5.5AI Score

0.003EPSS

2011-04-11 06:55 PM

58

cve

CVE-2011-1158

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.

5.4AI Score

0.003EPSS

2011-04-11 06:55 PM

71

cve

CVE-2012-2921

Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.

6.4AI Score

0.034EPSS

2012-05-21 10:55 PM

58