Bugtraq mailing list archives
Re: [Full-disclosure] Medium severity flaw in Konqueror
From: Tim Brown <timb () nth-dimension org uk>
Date: Tue, 12 Apr 2011 09:20:26 +0100
On Tuesday 12 April 2011 03:36:24 Vincent Danen wrote:
* [2011-04-11 22:07:24 +0100] Tim Brown wrote:I was recently taking a look at Konquerer and spotted an example of universal XSS. Essentially, the error page displayed when a requested URL is not available includes said URL. If said URL includes HTML fragments these will be rendered. CVE-2010-2952 has been assigned to this issue.Actually, CVE-2011-1168 was assigned to this issue as noted in the upstream advisory: http://www.kde.org/info/security/advisory-20110411-1.txt
Hi Vincent, You're quite right, not sure how the wrong CVE ended up in the email. That's a different CVE for another of my advisories :/. Tim -- Tim Brown <mailto:timb () nth-dimension org uk> <http://www.nth-dimension.org.uk/>
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Medium severity flaw in Konqueror Tim Brown (Apr 12)
- Re: [Full-disclosure] Medium severity flaw in Konqueror Vincent Danen (Apr 12)
- Re: [Full-disclosure] Medium severity flaw in Konqueror Tim Brown (Apr 12)
- Re: [Full-disclosure] Medium severity flaw in Konqueror Vincent Danen (Apr 12)