Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Mark Pilgrim
  • Feedparser

Configuration 1 [-]

cpe:2.3:a:mark_pilgrim:feedparser:5.0:*:*:*:*:*:*:*

No data.

References
Link Providers
http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/14/18 cve-icon cve-icon
http://openwall.com/lists/oss-security/2011/03/15/11 cve-icon cve-icon
http://secunia.com/advisories/43730 cve-icon cve-icon
http://secunia.com/advisories/44074 cve-icon cve-icon
http://support.novell.com/security/cve/CVE-2011-1158.html cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 cve-icon cve-icon
http://www.securityfocus.com/bid/46867 cve-icon cve-icon
https://bugzilla.novell.com/show_bug.cgi?id=680074 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=684877 cve-icon cve-icon
https://code.google.com/p/feedparser/issues/detail?id=255 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-04-11T18:00:00

Updated: 2024-08-06T22:14:27.839Z

Reserved: 2011-03-03T00:00:00

Link: CVE-2011-1158

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-04-11T18:55:03.603

Modified: 2011-08-24T03:16:36.257

Link: CVE-2011-1158

cve-icon Redhat

No data.