Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rss feed reader vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2007-1610
Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue prior to 1.3.4 allows remote malicious users to inject arbitrary web script or HTML via a feed.
Glue Software Newsglue
383
VMScore
CVE-2006-4760
Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote malicious users to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader t...
Benjamin Pasero And Tobias Eichert Rssowl
383
VMScore
CVE-2007-2335
Cross-site scripting (XSS) vulnerability in the RSS feed reader functionality in Lunascape 4.1.3 build2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Lunascape Lunascape 4.1.2
Lunascape Lunascape 4.1.3
Lunascape Lunascape 4.1
Lunascape Lunascape 4.1.1
828
VMScore
CVE-2009-4102
Sage 1.4.3 and previous versions extension for Firefox performs certain operations with chrome privileges, which allows remote malicious users to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Sage.mozdev Sage 1.3.8
Sage.mozdev Sage
Mozilla Firefox
383
VMScore
CVE-2007-1611
Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote malicious users to inject arbitrary web script or HTML via the title of an article in a feed.
Sourcenext Ikanari Jijyou 1.0.1
Sourcenext Ikanari Jijyou 1.0.0
685
VMScore
CVE-2007-5837
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote malicious users to execute arbitrary commands via shell metacharacters in a link element in a feed.
Yarssr Yarssr 0.2.2
1 EDB exploit
828
VMScore
CVE-2017-12904
Improper Neutralization of Special Elements used in an OS Command in bookmarking function of Newsbeuter versions 0.7 up to and including 2.9 allows remote malicious users to perform user-assisted code execution by crafting an RSS item that includes shell code in its title and/or ...
Newsbeuter Newsbeuter 1.0
Newsbeuter Newsbeuter 2.4
Newsbeuter Newsbeuter 2.3
Newsbeuter Newsbeuter 0.8
Newsbeuter Newsbeuter 1.3
Newsbeuter Newsbeuter 0.9
Newsbeuter Newsbeuter 2.0
Newsbeuter Newsbeuter 2.1
Newsbeuter Newsbeuter 0.8.1
Newsbeuter Newsbeuter 2.8
Newsbeuter Newsbeuter 2.5
Newsbeuter Newsbeuter 0.8.2
Newsbeuter Newsbeuter 2.6
Newsbeuter Newsbeuter 0.7
Newsbeuter Newsbeuter 2.2
Newsbeuter Newsbeuter 1.1
Newsbeuter Newsbeuter 2.7
Newsbeuter Newsbeuter 2.9
Newsbeuter Newsbeuter 0.9.1
Newsbeuter Newsbeuter 1.2
Debian Debian Linux 8.0
Debian Debian Linux 7.0
NA
CVE-2023-27592
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Polic...
Miniflux Project Miniflux
605
VMScore
CVE-2017-14500
Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 up to and including 2.9 allows remote malicious users to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a ...
Newsbeuter Newsbeuter 0.8.1
Newsbeuter Newsbeuter 0.8.2
Newsbeuter Newsbeuter 2.0
Newsbeuter Newsbeuter 2.1
Newsbeuter Newsbeuter 2.8
Newsbeuter Newsbeuter 2.9
Newsbeuter Newsbeuter 0.3
Newsbeuter Newsbeuter 0.4
Newsbeuter Newsbeuter 0.9
Newsbeuter Newsbeuter 0.9.1
Newsbeuter Newsbeuter 2.2
Newsbeuter Newsbeuter 2.3
Newsbeuter Newsbeuter 0.7
Newsbeuter Newsbeuter 0.8
Newsbeuter Newsbeuter 1.2
Newsbeuter Newsbeuter 1.3
Newsbeuter Newsbeuter 2.6
Newsbeuter Newsbeuter 2.7
Newsbeuter Newsbeuter 0.5
Newsbeuter Newsbeuter 0.6
Newsbeuter Newsbeuter 1.0
Newsbeuter Newsbeuter 1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2