CVE-2009-4101

infoRSS < 1.1.4.2 - Remote Code Execution and Cross-Domain Scripting via RSS Feed Description Tag

Title source: llm
STIX 2.1

Description

infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54370
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37467
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3323

Scores

EPSS 0.0355
EPSS Percentile 87.9%

Details

CWE
CWE-20
Status published
Products (22)
didier_ernotte/inforss 0.5
didier_ernotte/inforss 0.7.7
didier_ernotte/inforss 0.8.4
didier_ernotte/inforss 0.8.7
didier_ernotte/inforss 0.8.8.1
didier_ernotte/inforss 0.8.8.2
didier_ernotte/inforss 0.8.9
didier_ernotte/inforss 0.8.9.1
didier_ernotte/inforss 0.8.9.3
didier_ernotte/inforss 0.8.9.4
... and 12 more
Published Nov 29, 2009
Tracked Since Feb 18, 2026