CVE

CVE-2007-0537
Date: (C)2007-01-29   (M)2023-12-22


The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1017591
http://www.securityfocus.com/archive/1/457924/100/0/threaded
BID-22428
SECUNIA-23932
SECUNIA-24013
SECUNIA-24065
SECUNIA-24442
SECUNIA-24463
SECUNIA-24889
SECUNIA-27108
OSVDB-32975
ADV-2007-0505
GLSA-200703-10
MDKSA-2007:031
MDKSA-2007:157
RHSA-2007:0909
SUSE-SR:2007:006
USN-420-1
http://www.kde.org/info/security/advisory-20070206-1.txt
https://issues.rpath.com/browse/RPL-1117
oval:org.mitre.oval:def:10244

CWE:
CWE-79

© SecPod Technologies