Moderate severityNVD Advisory· Published Apr 11, 2011· Updated Apr 29, 2026
CVE-2011-1157
CVE-2011-1157
Description
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
feedparserPyPI | >= 5.0, < 5.0.1 | 5.0.1 |
Affected products
1- cpe:2.3:a:mark_pilgrim:feedparser:5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- openwall.com/lists/oss-security/2011/03/14/18nvdPatchWEB
- openwall.com/lists/oss-security/2011/03/15/11nvdPatchWEB
- bugzilla.novell.com/show_bug.cginvdExploitPatchWEB
- bugzilla.redhat.com/show_bug.cginvdExploitPatchWEB
- code.google.com/p/feedparser/issues/detailnvdExploitPatchWEB
- secunia.com/advisories/43730nvdVendor Advisory
- secunia.com/advisories/44074nvdVendor Advisory
- github.com/advisories/GHSA-2p78-8hh6-96xcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-1157ghsaADVISORY
- lists.opensuse.org/opensuse-updates/2011-04/msg00026.htmlnvdWEB
- support.novell.com/security/cve/CVE-2011-1157.htmlnvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/feedparser/PYSEC-2011-20.yamlghsaWEB
- web.archive.org/web/20210121212051/https://www.securityfocus.com/bid/46867ghsaWEB
- web.archive.org/web/20240723030532/https://tuxedo.org/mandriva/ghsaWEB
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/46867nvd
News mentions
0No linked articles in our index yet.