EPSS
Percentile
29.2%
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
bugzilla.redhat.com/show_bug.cgi?id=1382293
www.kde.org/info/security/advisory-20161006-3.txt