CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

CVSS3: 6.1 Medium (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

EPSS: 0.001 Low (Percentile: 39.5%)

qutebrowser, starting with v0.11.0
(1179ee7a937fb31414d77d9970bac21095358449), contains a Cross Site Scripting
(XSS) vulnerability in the history command's qute://history page. Via
injected JavaScript code, a website can steal the user's browsing history.
The attack appears to be exploitable when the victim opens a page with a
specially crafted <title> attribute and then opens the qute://history site
via the :history command. The vulnerability appears to have been fixed in
v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and
v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | qutebrowser | < any | UNKNOWN |

github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f
github.com/qutebrowser/qutebrowser/issues/4011
launchpad.net/bugs/cve/CVE-2018-1000559
nvd.nist.gov/vuln/detail/CVE-2018-1000559
security-tracker.debian.org/tracker/CVE-2018-1000559
www.cve.org/CVERecord?id=CVE-2018-1000559