PYSEC-2011-18

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/feedparser/PYSEC-2011-18.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2011-18
Aliases
Published
2011-04-11T18:55:00Z
Modified
2023-11-08T03:56:54.862482Z
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.

References

Affected packages

PyPI / feedparser

Package

Name
feedparser
View open source insights on deps.dev
Purl
pkg:pypi/feedparser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0

Affected versions

4.*

4.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/feedparser/PYSEC-2011-18.yaml"