FeedDemon < Atom Feed Active Script Code Execution

Medium Nessus Plugin ID 22414


The remote Windows application may allow execution of arbitrary Active Script code.


According to the Windows registry, the version of FeedDemon, an RSS reader for Windows, installed on the remote host is affected by a flaw caused by improper sanitization of Active Script code in RSS feeds. An attacker can exploit this issue to inject arbitrary script into the affected application, which can lead to various cross-site scripting attacks.


Upgrade to FeedDemon version or later.


Plugin Details

Severity: Medium

ID: 22414

File Name: feeddemon_20025.nasl

Version: $Revision: 1.18 $

Type: local

Agent: windows

Family: Windows

Published: 2006/09/20

Modified: 2016/12/08

Dependencies: 13855, 10263

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:C


CVSS v3

Base Score: 4.3

Temporal Score: 4.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:U/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2006/08/07

Reference Information

CVE: CVE-2006-4710

BID: 20114

OSVDB: 28959