Mandriva Linux Security Advisory 2011-082 - Multiple vulnerabilities have been found and corrected in python-feedparser. Cross-site scripting vulnerability in feedparser.py in Universal Feed Parser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas. feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service via a malformed DOCTYPE declaration. Cross-site scripting vulnerability in feedparser.py in Universal Feed Parser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments. Cross-site scripting vulnerability in feedparser.py in Universal Feed Parser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI. The updated packages have been patched to correct these issues.
e71a73bc07b958a000011bac9bf9924d0241b15dd54914ceb4ddfebd3a0a6670
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed