...Really Simple Syndication (RSS) feed may not just be serving you content, but malware, too.
The wildly popular RSS technology has become compulsory for most Websites and blogs today, but it can also provide attackers another way in. RSS Web feeds basically give users access to content from another site, without having to visit it, and provides Website operators a way to easily expand their content while also increasing their click statistics.
For attackers, RSS provides another conduit for launching cross-site scripting (XSS), cross-site request forgery (CSRF), and other Web-based exploits. "RSS is just another delivery mechanism for XSS and browser exploits,"...
Edited by quietman7, 26 February 2007 - 08:54 AM.