Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

Computer & Web Vulnerabilities


Feed2JS v1.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: Feed2JS v1.7 magpie_debug.php? &url parameter XSS Security Vulnerabilities

Product: Feed2JS

Vendor: feed2js.org

Vulnerable Versions: v1.7

Tested Version: v1.7

Advisory Publication: May 09, 2015

Latest Update: May 09, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Proposition Details:

(1) Vendor & Product Description:



Product & Vulnerable Versions:



Vendor URL & Download:

Feed2JS can be downloaded from here,


Source code:


Product Introduction Overview:

“What is “Feed to JavaScript? An RSS Feed is a dynamically generated summary (in XML format) of information or news published on other web sites- so when the published RSS changes, your web…

View original post 431 more words

About essaybeans

Getting realistic and idealistic at the same time.
This entry was posted in Computer & Web Technology and tagged , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s