6 matches found
Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:157)
The KDE HTML library kdelibs, as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...
Gentoo Security Advisory GLSA 200703-10 (kdelibs)
The remote host is missing updates announced in advisory GLSA 200703-10. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Mac OS X Multiple Vulnerabilities (Security Update 2007-007)
The remote host is running a version of Mac OS X 10.4 or 10.3 which does not have the security update 2007-007 applied. This update contains several security fixes for the following programs: - bzip2 - CFNetwork - CoreAudio - cscope - gnuzip - iChat - Kerberos - mDNSResponder - PDFKit - PHP -...
Cross site scripting
The KDE HTML library kdelibs, as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...
CVE-2007-0537
CVE-2007-0537 affects KDE kdelibs (used by Konqueror 3.5.5); the vulnerability arises from improper parsing of HTML comments, enabling remote XSS and bypassing some protections by embedding certain tags within a comment in a title tag. Documented in multiple advisories (Mandrake/MDKSA, RHSA, Open...
CVE-2007-0478
CVE-2007-0478 affects Apple Mac OS X 10.3.9/10.4.10 as used by Safari. WebCore parses HTML comments in TITLE elements incorrectly, allowing remote attackers to bypass some XSS protections and embed certain HTML tags within a comment to trigger cross-site scripting. The vulnerability is documented...