Cross-Site Scripting Vulnerability in KMail Email Client by KDE
CVE-2016-7968

6.5MEDIUM

Key Information:

Vendor: Kde
Status: Kmail
Vendor: CVE Published:; 23 December 2016

What is CVE-2016-7968?

KMail versions beginning with 5.3.0 incorporate a QWebEngine-based viewer that does not sanitize HTML content for JavaScript. This oversight allows malicious HTML emails to execute harmful JavaScript code within the KMail application, potentially compromising user security and data integrity.

References

http://www.securityfocus.com/bid/93360

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2016/10/05/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2016
Vulnerability Reserved
Sep 9, 2016

CVE-2016-7968 Data

JSON

Kde

What is CVE-2016-7968?

References

CVSS V3.1

Timeline