feedreader3 has XSS vulnerability

2007-10-01T00:00:00
ID SECURITYVULNS:DOC:18093
Type securityvulns
Reporter Securityvulns
Modified 2007-10-01T00:00:00

Description

Hello,

I have found that feedreader3 has XSS vulnerability in its internal browser. When I post a script into wordpress( like <script>alert("XSS")</script>, the RSS feed in the internal browser is vulnerable and show an alert box. POC movie here: http://www.hacking.org.il/demos/feedreader3.wmv

Guy Mizrahi (ZuLL) Hebrew blog: http://www.hacking.org.il