GHSA-3V85-FQVH-7RXF: Stored Cross-Site Scripting in Ech0 RSS Feed Generation

DEV Community·CVE Reports·25 days ago

Vulnerability ID: GHSA-3V85-FQVH-7RXF
CVSS Score: 5.3
Published: 2026-05-07

A stored Cross-Site Scripting (XSS) vulnerability exists in the Ech0 project's RSS feed generation component. The application fails to properly escape user-supplied tags and Markdown content before reflecting them in the /rss endpoint, allowing arbitrary JavaScript execution in vulnerable RSS readers.

TL;DR

Ech0 renders unescaped user input into its public RSS feed, permitting stored XSS attacks when users read the feed.…
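The bug class described above, shown as an added Go example that is not Ech0's code: user-supplied values concatenated into the HTML of an RSS `<description>` survive XML serialization intact, so the fix is to HTML-escape each value where it is embedded. The `Post` type, the function names and the sample input are hypothetical, and the body is treated as plain text (a rendered Markdown body would need an HTML sanitizer instead).

```go
package main

import (
	"encoding/xml"
	"fmt"
	"html"
	"strings"
)

// Post is a hypothetical stand-in for a user-authored entry (not Ech0's type).
type Post struct {
	Tags []string
	Body string // raw user text
}
type item struct {
	Description string `xml:"description"`
}

// describe builds the HTML placed in <description>. esc is applied to every
// user-controlled value; the identity function reproduces the bug class.
func describe(p Post, esc func(string) string) string {
	var b strings.Builder
	for _, t := range p.Tags {
		b.WriteString(`<span class="tag">#` + esc(t) + `</span> `)
	}
	b.WriteString("<p>" + esc(p.Body) + "</p>")
	return b.String()
}

func unsafeDescription(p Post) string { return describe(p, func(s string) string { return s }) }
func safeDescription(p Post) string   { return describe(p, html.EscapeString) }

// readerView serialises the item and parses it back, returning the HTML a feed
// reader hands to its renderer. XML encoding is undone here, so it is no
// substitute for HTML-escaping the user-supplied values.
func readerView(desc string) (string, error) {
	raw, err := xml.Marshal(item{Description: desc})
	if err != nil {
		return "", err
	}
	var it item
	err = xml.Unmarshal(raw, &it)
	return it.Description, err
}

func main() {
	p := Post{Tags: []string{"<script>alert(1)</script>"}, Body: "a <b>b</b>"} // constructed sample
	u, _ := readerView(unsafeDescription(p))
	s, _ := readerView(safeDescription(p))
	fmt.Printf("unescaped: %s\nescaped:   %s\n", u, s)
}
```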
