Cross-Site Scripting Vulnerability in Konqueror from KDE
CVE-2011-1168

Currently unrated

Key Information:

Vendor: Kde
Status: Kde Sc
Vendor: CVE Published:; 18 April 2011

What is CVE-2011-1168?

A Cross-Site Scripting (XSS) vulnerability exists in the KHTMLPart::htmlError function of the Konqueror web browser, within KDE software. This flaw allows remote attackers to inject arbitrary web scripts or HTML via a malicious URL linked to an unavailable web site. Exploitation of this vulnerability can lead to unauthorized actions on behalf of users, making web browsing unsafe for individuals using affected KDE versions.

References

http://www.vupen.com/english/advisories/2011/0990

vdb-entryx_refsource_VUPEN

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://lists.opensuse.org/opensuse-security-announce/2011...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2011
Vulnerability Reserved
Mar 3, 2011

CVE-2011-1168 Data

JSON

Kde

What is CVE-2011-1168?

References

Timeline