XSS in Kde Konqueror

CVE-2009-4976

Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vul…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.011 (59.8th percentile) — read the EPSS interpretation.

Affected products

Kde Konqueror
Urs_wolfer Kwebkitpart — versions 0.9.6
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (x_refsource_CONFIRM, Patch)