A javascript code injection is possible from an RSS feed (e.g. from a blog on blogspot) into the ‘Feedly’ Android App. The android app does not sanitize javascript codes and interpretes them as codes. As a result, allows potential attackers to perform javascript code executions on victim’s Feedly android app session via a crafted blogpost. Feedly is a popular app available for iOS and Android, which offers an aggregation platform for content published on blogs, websites, RSS Feeds and magazines.
Read more here – http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html