FeedDemon < 18.104.22.168 Atom Feed Active Script Code Execution
Medium Nessus Plugin ID 22414
Synopsis
The remote Windows application may allow execution of arbitrary Active Script code.

Description
According to the Windows registry, the version of FeedDemon, an RSS reader for Windows, installed on the remote host is affected by a flaw caused by improper sanitization of Active Script code in RSS feeds. An attacker can exploit this issue to inject arbitrary script into the affected application, which can lead to various cross-site scripting attacks.

Solution
Upgrade to FeedDemon version 22.214.171.124 or later.