Cross-Site Scripting Vulnerability in KDE HTML Library by KDE
CVE-2007-0537

Currently unrated

Key Information:

Vendor: Kde

Status
Vendor
CVE Published: 29 January 2007

What is CVE-2007-0537?

The KDE HTML library (kdelibs), as used by applications such as Konqueror 3.5.5, does not properly parse HTML comments. This flaw allows remote attackers to conduct Cross-Site Scripting (XSS) attacks. By embedding specific HTML tags within a comment in a title tag, attackers can circumvent certain XSS protection mechanisms, posing a significant web security risk.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
