Public CVE-2012-2632 disclosure

Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed.