2025-06-04 19:42:15
GitHub_M
PUBLISHED
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, its possible to run arbitrary JavaScript on the feeds page. This occurs by combining a cross-site scripting (XSS) issue that occurs in `f.php` when SVG favicons are downloaded from an attacker-controlled feed containing `