CVE-2009-5065

GHSA-3mwg-gp5g-fv3q, CVE-2009-5065

pypi/feedparser

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.

All versions up to 4.1

Upgrade to version 5.0 or above.

2022-06-19