XSS in Kde Konqueror

CVE-2007-0537

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.018 (75.6th percentile) — read the EPSS interpretation.

Affected products

Kde Konqueror — versions 3.5.5
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (x_refsource_REDHAT, vendor-advisory)
cve@mitre.org (vendor-advisory, x_refsource_MANDRIVA)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_OSVDB, vdb-entry)
cve@mitre.org (vendor-advisory, x_refsource_GENTOO)
cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)