CVE-2014-8600: XSS
First published: Mon Dec 08 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Urs Wolfer Kwebkitpart | <=1.3.3 | |
| Kde Kde-runtime | <=4.14.2 | |
| KDE kio-extras | <=5.1.1 | |
| openSUSE openSUSE | =13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/urs wolfer
- canonical/urs wolfer kwebkitpart
- version/urs wolfer kwebkitpart/1.3.3
- vendor/kde
- canonical/kde kde-runtime
- version/kde kde-runtime/4.14.2
- canonical/kde kio-extras
- version/kde kio-extras/5.1.1
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1