Bugtraq mailing list archives
Medium severity flaw in Konqueror
From: Tim Brown <timb () nth-dimension org uk>
Date: Mon, 11 Apr 2011 22:07:24 +0100
I was recently taking a look at Konquerer and spotted an example of universal XSS. Essentially, the error page displayed when a requested URL is not available includes said URL. If said URL includes HTML fragments these will be rendered. CVE-2010-2952 has been assigned to this issue. Tim -- Tim Brown <mailto:timb () nth-dimension org uk> <http://www.nth-dimension.org.uk/>
Attachment:
NDSA20110321.txt.asc
Description:
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Medium severity flaw in Konqueror Tim Brown (Apr 12)
- Re: [Full-disclosure] Medium severity flaw in Konqueror Vincent Danen (Apr 12)
- Re: [Full-disclosure] Medium severity flaw in Konqueror Tim Brown (Apr 12)
- Re: [Full-disclosure] Medium severity flaw in Konqueror Vincent Danen (Apr 12)