SPI Dynamics has reported some vulnerabilities in RssReader, which can be exploited by malicious people to conduct script insertion attacks.
The vulnerabilities are caused by input validation errors in the processing of Atom and RSS feeds. They can be exploited to inject and execute arbitrary HTML and script code in the context of the feed by tricking a user into adding a malicious feed and then viewing its content.
Solution: Do not add feeds from untrusted sources.
Provided and/or discovered by: SPI Dynamics
Original Advisory: SPI Dynamics:
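The input validation that the description says is missing, sketched as an added example (not RssReader's code and not from the SPI Dynamics advisory): every feed-supplied field is escaped as text and item links are restricted to http(s) before display. It assumes the reader shows items in an HTML view; the function names and the sample feed are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET  # stdlib parser, keeps the example dependency-free
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"
SAFE_SCHEMES = {"http", "https"}

# Constructed sample feed: item fields carry markup a reader must not render as-is.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example</title>
<item>
  <title>Hello &lt;script&gt;alert(1)&lt;/script&gt;</title>
  <link>javascript:alert(1)</link>
  <description><![CDATA[<img src=x onerror="alert(1)">Body text]]></description>
</item>
</channel></rss>"""

def safe_link(url):
    """Return the URL only if its scheme is http or https, else None."""
    url = (url or "").strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL: treat as unsafe
        return None
    return url if scheme in SAFE_SCHEMES else None

def render_entry(title, link, body):
    """Build display HTML with every feed-supplied value escaped as text."""
    parts = ["<h2>%s</h2>" % html.escape(title or "")]
    href = safe_link(link)
    if href:  # links with any other scheme are dropped, not rendered
        parts.append('<a href="%s">link</a>' % html.escape(href, quote=True))
    parts.append("<p>%s</p>" % html.escape(body or ""))
    return "\n".join(parts)

def render_feed(xml_text):
    """Return one sanitized HTML fragment per RSS item or Atom entry."""
    root = ET.fromstring(xml_text)
    out = []
    for item in root.iter("item"):  # RSS 2.0
        out.append(render_entry(item.findtext("title"),
                                item.findtext("link"),
                                item.findtext("description")))
    for entry in root.iter(ATOM + "entry"):  # Atom 1.0
        link_el = entry.find(ATOM + "link")
        link = link_el.get("href") if link_el is not None else None
        body = entry.findtext(ATOM + "content") or entry.findtext(ATOM + "summary")
        out.append(render_entry(entry.findtext(ATOM + "title"), link, body))
    return out
```

A reader that needs to display formatted item bodies would replace the plain escaping of `body` with an allowlist-based HTML sanitizer rather than rendering the field unmodified.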