PYSEC-2011-21

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/feedparser/PYSEC-2011-21.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2011-21
Aliases
Published
2011-04-11T18:55:00Z
Modified
2023-11-08T03:56:58.969925Z
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.

References

Affected packages

PyPI / feedparser

Package

Name
feedparser
View open source insights on deps.dev
Purl
pkg:pypi/feedparser

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.1

Affected versions

4.*

4.1

5.*

5.0