Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-420-1
HistoryFeb 06, 2007 - 12:00 a.m.

KDE library vulnerability

2007-02-0600:00:00
ubuntu.com
29

5.6 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.037 Low

EPSS

Percentile

91.7%

JSON

Releases

  • Ubuntu 6.10
  • Ubuntu 6.06
  • Ubuntu 5.10

Details

Jose Avila III and Robert Tasarz discovered that the KDE HTML library
did not correctly parse HTML comments inside the “title” tag. By
tricking a Konqueror user into visiting a malicious website, an attacker
could bypass cross-site scripting protections.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.10noarchkdelibs4c2a< 4:3.5.5-0ubuntu3.1UNKNOWN
Ubuntu6.06noarchkdelibs4c2a< 4:3.5.2-0ubuntu18.2UNKNOWN
Ubuntu5.10noarchkdelibs4c2< 4:3.4.3-0ubuntu2.2UNKNOWN

Related

openvas 9
veracode 1
nessus 10
ubuntucve 1
securityvulns 1
cve 1
gentoo 1
prion 1
centos 1
redhat 1
oraclelinux 1
openvas
openvas
Ubuntu Update for kdelibs vulnerability USN-420-1
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-420-1)
2009-03-23 00:00:00
Mandriva Update for kdelibs MDKSA-2007:031 (kdelibs)
2009-04-09 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:18:44
nessus
nessus
Ubuntu 5.10 / 6.06 LTS / 6.10 : kdelibs vulnerability (USN-420-1)
2007-11-10 00:00:00
Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:031)
2007-02-18 00:00:00
openSUSE 10 Security Update : kdelibs3 (kdelibs3-3058)
2007-10-17 00:00:00
ubuntucve
ubuntucve
CVE-2007-0537
2007-01-29 00:00:00
securityvulns
securityvulns
Apple Safari / Konqueror SCRIPT tag filtering bypass
2007-01-24 00:00:00
cve
cve
CVE-2007-0537
2007-01-29 16:28:00
gentoo
gentoo
KHTML: Cross-site scripting (XSS) vulnerability
2007-03-10 00:00:00
prion
prion
Cross site scripting
2007-01-29 16:28:00
centos
centos
kdelibs security update
2007-10-08 18:49:50
redhat
redhat
(RHSA-2007:0909) Moderate: kdelibs security update
2007-10-08 00:00:00
oraclelinux
oraclelinux
Moderate: kdelibs security update
2007-10-08 00:00:00

5.6 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.037 Low

EPSS

Percentile

91.7%

JSON
Related for USN-420-1
openvas9veracode1nessus10ubuntucve1securityvulns1cve1gentoo1prion1centos1redhat1oraclelinux1