CVSS2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS Percentile: 70.4%

Albert Astals Cid reports:

kwebkitpart and the bookmarks:// io slave were not sanitizing
input correctly, allowing some JavaScript to be executed in the
context of the referenced hostname.

Whilst in most cases, the JavaScript will be executed in an
untrusted context, with the bookmarks IO slave, it will be executed
in the context of the referenced hostname. It should however be
noted that KDE mitigates this risk by attempting to ensure that
such URLs cannot be embedded directly into Internet hosted
content.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | kde-runtime | < 4.14.2_2 | UNKNOWN |
FreeBSD | any | noarch | kwebkitpart | < 1.3.2_4 | UNKNOWN |