REDHAT-BUG-695398: XSS
First published: Mon Apr 11 2011(Updated: )
It was reported [1] that Konqueror in KDE 4.4.0 through to and including 4.6.1 is vulnerable to a partially universal XSS in error pages. When Konqueror cannot fetch a requested URL, it renders an error page that contains the given URL. If the URL were to contain JavaScript or HTML code, the code is also rendered which could allow for a user to be tricked into visiting a malicious web site or to provide credentials to an untrusted party. Patches are available for the 4.4, 4.5, and 4.6 branches, linked to from the upstream security advisory. [1] <a href="http://www.kde.org/info/security/advisory-20110411-1.txt">http://www.kde.org/info/security/advisory-20110411-1.txt</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Konqueror | >=4.4.0<=4.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kde.org/info/security/advisory-20110411-1.txt
- http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
- https://projects.kde.org/projects/kde/kdelibs/repository/revisions/aaa8c42
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=695398#c0
- https://rhn.redhat.com/errata/RHSA-2011-0464.html
- https://bugzilla.redhat.com/show_bug.cgi?id=695398
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1168
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/kde
- canonical/konqueror