CVE-2007-5161

I-systems. Feedreader - XSS

Title source: rule

Description

Cross-zone scripting vulnerability in the internal browser in i-Systems Feedreader 3.10 allows remote attackers to inject arbitrary web script or HTML via an item in a feed, as demonstrated by a WordPress blog update. NOTE: this was originally reported as XSS.

References (9)

[Mailing List] http://marc.info/?l=full-disclosure&m=119115897930583&w=2

[Third Party Advisory, VDB Entry] http://osvdb.org/37409

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36863

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/480998/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/481208/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25849

[Third Party Advisory] http://secunia.com/advisories/26996

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3316

[Third Party Advisory] http://securityreason.com/securityalert/3183

Scores

EPSS 0.0067

EPSS Percentile 71.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

i-systems_inc./feedreader

Timeline

Published Oct 01, 2007

Tracked Since Feb 18, 2026