RSS   Vulnerabilities for 'Inforss'   RSS

2009-11-29
 
CVE-2009-4101

CWE-20
 

 
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

 


Copyright 2024, cxsecurity.com

 

Back to Top