CVE-2006-4760 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.

Reference

http://downloads.sourceforge.net/project/rssowl/rssowl20classic201.02028do20not20use29/1.2.3/rssowl_1_2_3_src.zip http://secunia.com/advisories/21958 http://www.cgisecurity.com/papers/RSS-Security.ppt http://www.securityfocus.com/bid/20110 http://www.vupen.com/english/advisories/2006/3685 https://exchange.xforce.ibmcloud.com/vulnerabilities/29049