qutebrowser is vulnerable to cross-site scripting attacks. The attacks exists in the history command, qute://history
page through which an attacker can inject malicious Javascript to steal a user’s browsing history when the user visits a page with an html input element as it’s title.
CPE | Name | Operator | Version |
---|---|---|---|
qutebrowser | le | 1.2.1 | |
qutebrowser | le | 1.3.2 |