FeedDemon < 2.0.0.25 Atom Feed Active Script Code Execution

Severity: medium | Nessus Plugin ID 22414

Synopsis

The remote Windows application may allow execution of arbitrary Active Script code.

Description

According to the Windows registry, the version of FeedDemon (an RSS/Atom feed reader for Windows) installed on the remote host is earlier than 2.0.0.25. Such versions do not sanitize Active Script code carried in feed content before rendering it. An attacker who controls a feed the user subscribes to can inject arbitrary script into the affected application, which can lead to various cross-site scripting attacks running with the application's trust rather than a remote site's.
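The defect class here is a feed reader that hands Atom `type="html"` content to an HTML renderer as-is. The following is an added example of the missing sanitization step; it is not FeedDemon's code, not the vendor's fix, and not the Nessus plugin's logic. The tag/attribute allowlist, the `safe_url` scheme check and the sample feed are all constructed for this illustration.

```python
"""Strip active content from Atom feed entries before they are rendered as HTML.

Added example (not FeedDemon's code, not the Nessus plugin): the sanitization
step whose absence CVE-2006-4710 describes. SAMPLE_ATOM is constructed for
the demo; the allowlists below are an illustrative choice, not a standard.
"""
import html
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

ATOM = "{http://www.w3.org/2005/Atom}"

# Allowlist: a tag not listed is dropped (its text is kept).
ALLOWED_TAGS = {"p", "a", "img", "b", "i", "em", "strong", "ul", "ol", "li",
                "br", "blockquote", "pre", "code"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"img", "br"}
# These are removed together with everything inside them.
DROP_WITH_CONTENT = {"script", "style", "object", "embed", "iframe", "applet"}

# Constructed feed: entry 1 smuggles script via an event handler, a <script>
# element and an entity-encoded javascript: URL; entry 2 is plain type="text".
SAMPLE_ATOM = """<feed xmlns="http://www.w3.org/2005/Atom">
  <title>constructed feed</title>
  <entry><title>one</title>
    <content type="html">&lt;p onmouseover="alert(1)"&gt;hello&lt;/p&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;&lt;a href="&amp;#106;avascript:alert(2)"&gt;link&lt;/a&gt;&lt;img src="http://example.invalid/x.png"&gt;</content>
  </entry>
  <entry><title>two</title><content>&lt;b&gt;not markup&lt;/b&gt;</content></entry>
</feed>
"""


def safe_url(value):
    """Allow only http(s) or scheme-less (relative) URLs.

    Control characters are stripped first: browsers ignore them inside a
    scheme, so "java<TAB>script:" would slip past a naive prefix check.
    """
    if value is None:
        return False
    v = re.sub(r"[\x00-\x20]", "", value.lower())
    m = re.match(r"^([a-z][a-z0-9+.\-]*):", v)
    if m is None:
        return True  # no scheme: relative URL
    return m.group(1) in ("http", "https")


class ActiveContentStripper(HTMLParser):
    """Rebuild the fragment from the allowlists; everything else is discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skipping = None  # tag whose whole subtree is being discarded
        self.depth = 0

    def handle_starttag(self, tag, attrs):  # HTMLParser lowercases tag/attr names
        if self.skipping:
            if tag == self.skipping:
                self.depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.skipping, self.depth = tag, 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag dropped, its text is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops on*=, style= and anything else not listed
            if name in URL_ATTRS and not safe_url(value):
                continue  # the parser already decoded &#106;avascript: for us
            kept.append(' %s="%s"' % (name, html.escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if self.skipping:
            if tag == self.skipping:
                self.depth -= 1
                if self.depth == 0:
                    self.skipping = None
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(html.escape(data, quote=False))
    # Comments (including IE conditional comments) are dropped by default.


def sanitize_feed_html(fragment):
    p = ActiveContentStripper()
    p.feed(fragment)
    p.close()
    return "".join(p.out)


def render_safe_entries(atom_xml):
    """One sanitized HTML fragment per <entry>, taken from <content> or <summary>."""
    root = ET.fromstring(atom_xml)
    rendered = []
    for entry in root.findall(ATOM + "entry"):
        node = entry.find(ATOM + "content")
        if node is None:
            node = entry.find(ATOM + "summary")
        raw = (node.text or "") if node is not None else ""
        ctype = (node.get("type") if node is not None else None) or "text"
        if ctype.lower() == "html":
            # type="html" carries escaped markup: after XML parsing .text IS the
            # HTML, and it must be sanitized before it reaches a renderer.
            rendered.append(sanitize_feed_html(raw))
        else:
            # type="text" (the default) is shown literally. Types this demo does
            # not model (xhtml, media types) also land here: lossy, never executed.
            rendered.append(html.escape(raw, quote=False))
    return rendered


if __name__ == "__main__":
    for frag in render_safe_entries(SAMPLE_ATOM):
        print(frag)
```

Two details matter more than the allowlist itself: attribute values are entity-decoded by the parser before the scheme check runs, so `&#106;avascript:` cannot hide from `safe_url`, and `<script>`/`<style>` bodies are discarded as a unit rather than being re-escaped as text. The check is applied to the decoded Atom text, which is the only point where the feed's markup is visible as markup.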

Solution

Upgrade to FeedDemon version 2.0.0.25 or later.

See Also

https://nick.typepad.com/blog/2006/08/feed_security_a_1.html

https://nick.typepad.com/blog/2006/08/ann_feeddemon_2.html

Plugin Details

Severity: Medium

ID: 22414

File Name: feeddemon_20025.nasl

Version: 1.20

Type: local

Agent: windows

Family: Windows

Published: 9/20/2006

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/7/2006

Reference Information

CVE: CVE-2006-4710

BID: 20114