CVE-2016-7966

2016-12-23T17:59:00
ID CVE-2016-7966
Type cve
Reporter NVD
Modified 2016-12-27T13:42:23

Description

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.