Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1157

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-1157
Last Modified 23 Aug 2011 11:16:36
Published 11 Apr 2011 02:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1157

Summary

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.

Vulnerable Systems

Application

  • Mark Pilgrim Feedparser 5.0


References

CONFIRM - https://code.google.com/p/feedparser/issues/detail?id=254

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=684877

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=680074

MLIST - [oss-security] 20110315 Re: CVE request for python-feedparser

MLIST - [oss-security] 20110314 CVE request for python-feedparser

BID - 46867

MANDRIVA - MDVSA-2011:082

CONFIRM - http://support.novell.com/security/cve/CVE-2011-1157.html

SECUNIA - 44074

SECUNIA - 43730

MLIST - [opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update


Last Updated: 27 May 2016 10:56:12