CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
52.7%
QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data:
URIs in Refresh and Location headers in HTTP responses, which allows remote
attackers to conduct cross-site scripting (XSS) attacks via vectors related
to (1) injecting a Refresh header that contains a javascript: URI, (2)
entering a javascript: URI when specifying the content of a Refresh header,
(3) injecting a Refresh header that contains JavaScript sequences in a
data:text/html URI, (4) entering a data:text/html URI with JavaScript
sequences when specifying the content of a Refresh header, (5) injecting a
Location header that contains JavaScript sequences in a data:text/html URI,
or (6) entering a data:text/html URI with JavaScript sequences when
specifying the content of a Location header.
Author | Note |
---|---|
mdeslaur | debian says: This is a web site issue (open redirector), not a browser problem. |