JVN#33218020
Feed2JS cross-site scripting vulnerability
Overview
Feed2JS (Feed to JavaScript), an open source web application, contains a cross-site scripting vulnerability.
Products Affected
- Feed2JS 1.91 and earlier
Description
Feed2JS (Feed to JavaScript) is an open source web application which converts RSS feeds into JavaScript.
Feed2JS contains a cross-site scripting vulnerability.
Impact
An attacker could execute an arbitrary script on the user's web browser.
Solution
Update the Software
Apply the latest updates provided by the developer.
For more information, refer to the developer's website.
Vendor Status
| Vendor | Link |
| Feed2JS |
Minor Patch 2007-11-13 |
|
Feed2JS -- So What is "Feed to JavaScript"? |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2007.11.20
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Routed - can be attacked over the Internet using packets |
|
| Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | Simple - the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file |
|
| Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) |
|
Credit
Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2007-000806 |