CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
81.8%
Severity: Medium
Date : 2016-10-07
CVE-ID : CVE-2016-7966
Package : kcoreaddons
Type : insufficient validation
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package kcoreaddons before version 5.26.0-2 is vulnerable to
insufficient validation.
Upgrade to 5.26.0-2.
The problem has been fixed upstream but no release is available yet.
None.
Through a malicious URL that contained a quote character it was
possible to inject HTML code in KMail’s plain text viewer. Due to the
parser used on the URL it was not possible to include the equal sign
(=) or a space into the injected HTML, which greatly reduces the
available HTML functionality. Although it is possible to include an
HTML comment indicator to hide content.
A remote attacker is able to inject HTML code in KMail’s plain text
viewer.
https://www.kde.org/info/security/advisory-20161006-1.txt
http://seclists.org/oss-sec/2016/q4/23
https://access.redhat.com/security/cve/CVE-2016-7966
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | kcoreaddons | < 5.26.0-2 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
81.8%