CVSS3 : 8.1 High (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : REQUIRED
Scope : UNCHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : NONE

CVSS2 : 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector : NETWORK
Access Complexity : LOW
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL

EPSS : 0.001 Low
Percentile : 42.8%

Severity: Medium
Date : 2016-10-07
CVE-ID : CVE-2016-7967 CVE-2016-7968
Package : messagelib
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary : The package messagelib before version 16.08.1-2 is vulnerable to
multiple issues including cross-site scripting and insufficient
validation.
Resolution : Upgrade to 16.08.1-2.
The problems have been fixed upstream but no release is available yet.
Workaround : None.
Description :
KMail since version 5.3.0 used a QWebEngine based viewer that had
JavaScript enabled. Since the generated HTML is executed in the local
file security context by default access to remote and local URLs was
enabled.
KMail since version 5.3.0 used a QWebEngine based viewer that had
JavaScript enabled. HTML mail contents were not sanitized for
JavaScript and included code was executed.
Impact : An attacker is able to access local or remote URLs via injected
JavaScript.
References :
https://www.kde.org/info/security/advisory-20161006-1.txt
https://www.kde.org/info/security/advisory-20161006-3.txt
http://seclists.org/oss-sec/2016/q4/23
https://www.kde.org/info/security/advisory-20161006-2.txt
http://seclists.org/oss-sec/2016/q4/21
https://access.redhat.com/security/cve/CVE-2016-7967
https://access.redhat.com/security/cve/CVE-2016-7968s
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | messagelib | < 16.08.1-2 | UNKNOWN |