CVE-2009-5065
feedparser < 5.0 - Cross-Site Scripting via Nested CDATA Stanzas
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-5065. PoCs published by fazalmajid.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in python-feedparser due to improper sanitization of nested CDATA sections in RSS feeds. The PoC shows how malicious script code can be embedded within nested CDATA sections, which may execute in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in python-feedparser due to improper sanitization of nested CDATA sections in RSS feeds. The PoC shows how malicious script code can be embedded within nested CDATA sections, which may execute in the context of the affected site.