2 matches found
CVE-2009-3015
QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Refresh header that contains a javascript: URI, 2...
CVE-2009-3015
QtWeb 3.0 Builds 001 and 003 do not properly block javascript: and data: URIs in Refresh and Location headers, allowing potential XSS via crafted header values (six enumerated vectors). Affected component: HTTP response header handling. Root cause: failure to block dangerous URIs in headers. Expl...