
7 matches found

Tenable Nessus
added 2025/07/25 12:0 a.m. · 7 views

NewStart CGSL MAIN 7.02 : xdg-utils Vulnerability (NS-SA-2025-0195)

The remote NewStart CGSL host, running version MAIN 7.02, has xdg-utils packages installed that are affected by a vulnerability: - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not...

CVSS 7.4 · AI score 7.3 · EPSS 0.00045
Exploits 1 · References 3
RedhatCVE
added 2025/06/23 4:39 p.m. · 2 views

CVE-2025-52968

A potential Cross-site request forgery (CSRF) flaw was found in xdg-utils. The xdg-open function in xdg-utils through version 1.2.1 can send requests containing SameSite=Strict cookies, facilitating a Cross-site request forgery (CSRF) attack vector. Mitigation: Mitigation for this issue is either not...

CVSS 2.7 · AI score 7.2 · EPSS 0.00051
Exploits 0 · References 5
Positive Technologies
added 2025/06/23 12:0 a.m. · 6 views

PT-2025-26609 · Xdg-Utils +1 · Xdg-Utils +1

Name of the Vulnerable Software and Affected Versions: xdg-utils versions 1.1.0 through 1.2.1; xdg-utils version 1.2.1. Description: The issue concerns xdg-open in xdg-utils, which can send requests containing SameSite=Strict cookies. This can facilitate Cross-Site Request Forgery (CSRF) attacks. The...

CVSS 2.7 · AI score 6.6 · EPSS 0.00051
Exploits 0 · References 15
Amazon
added 2023/03/22 12:0 a.m. · 6 views

Medium: xdg-utils

Issue Overview: A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches...

CVSS 7.4 · AI score 6.9 · EPSS 0.0047
Exploits 2
OSV
added 2015/01/21 6:59 p.m. · 3 views

CVE-2014-9622

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...

AI score 8.8
Exploits 0 · References 8
UbuntuCve
added 2015/01/21 6:59 p.m. · 20 views

CVE-2014-9622

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...

CVSS 6.8 · AI score 7.3 · EPSS 0.01696
Exploits 1 · References 1
NVD
added 2008/02/04 11:0 p.m. · 18 views

CVE-2008-0386

Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email...

CVSS 6.8 · AI score 7.4 · EPSS 0.03085
Exploits 1 · References 17