CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
82.4%
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Vendor | Product | Version | CPE |
---|---|---|---|
didier_ernotte | inforss | * | cpe:2.3:a:didier_ernotte:inforss:*:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.5 | cpe:2.3:a:didier_ernotte:inforss:0.5:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.7.7 | cpe:2.3:a:didier_ernotte:inforss:0.7.7:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.8.4 | cpe:2.3:a:didier_ernotte:inforss:0.8.4:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.8.7 | cpe:2.3:a:didier_ernotte:inforss:0.8.7:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.8.8.1 | cpe:2.3:a:didier_ernotte:inforss:0.8.8.1:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.8.8.2 | cpe:2.3:a:didier_ernotte:inforss:0.8.8.2:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.8.9 | cpe:2.3:a:didier_ernotte:inforss:0.8.9:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.8.9.1 | cpe:2.3:a:didier_ernotte:inforss:0.8.9.1:*:*:*:*:*:*:* |
didier_ernotte | inforss | 0.8.9.3 | cpe:2.3:a:didier_ernotte:inforss:0.8.9.3:*:*:*:*:*:*:* |