“A JavaScript code injection is possible from an RSS feed (e.g. from a blog on blogspot) into the ‘Feedly’ Android App. The Android app does not sanitize JavaScript codes and interprets them as codes. As a result, it allows potential attackers to perform JavaScript code executions on a victim’s Feedly Android app session via a crafted blogpost. However, the pre-requisite for such an attack to be possible is that the user must have subscribed (RSS) to the site. In other words, attacks can take place only when the user browses the RSS-subscribed site’s contents via the Feedly Android app.”
</script>
<button >.href=’http:/
<but
“Upon clicking on ‘BreakToProtect’s button’, the user will be redirected to another site. As per the proof-of-concept, a fake URL link ‘http://www.potentially-malicious.site/’ was used instead.”