Description

WebFeed is a lightweight web feed reader extension for Firefox/Chrome. Multiple HTML injection vulnerabilities in WebFeed can lead to CSRF and UI spoofing attacks. A remote attacker can provide malicious RSS feeds and attract the victim user to visit it using WebFeed. The attacker can then inject malicious HTML into the extension page and fool the victim into sending out HTTP requests to arbitrary sites with the victim's credentials. Users are vulnerable to CSRF attacks when visiting malicious RSS feeds via WebFeed. Unwanted actions could be executed on the user's behalf on arbitrary websites. This issue has been addressed in release version 0.9.2. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-11-04T23:13:13.768Z

Last Modified :

2024-11-05T16:43:45.147Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-50346 vulnerability.

Vendors Products
Taoso
  • Webfeed
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50346.

URL Resource
https://github.com/taoso/webfeed/commit/a2d1c1c3a98f30e0bd7a1bbcb746fae484985e6d cve-icon cve-icon
https://github.com/taoso/webfeed/security/advisories/GHSA-mrc7-2q3w-48j8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability