Cross-site Scripting (XSS)

2023-03-1411:41:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

rsshub

vulnerability

javascript

browser

injection

0.001 Low

EPSS

Percentile

32.3%

JSON

rsshub is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the improper sanitisation of special characters in parameter.js which allows an attacker to inject and execute malicious JavaScript into the browser.

CPENameOperatorVersion
rsshuble1.0.0-master.c8f06fe
rsshuble1.0.0-master.c8f06fe

CPE	Name	Operator	Version
	rsshub	le	1.0.0-master.c8f06fe
	rsshub	le	1.0.0-master.c8f06fe

References

github.com/DIYgod/RSSHub/commit/c910c4d28717fb860fbe064736641f379fab2c91

github.com/DIYgod/RSSHub/security/advisories/GHSA-32gr-4cq6-5w5q

0.001 Low

EPSS

Percentile

32.3%

JSON

Related for VERACODE:39773