Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0527

5 documents5 sources

Severity

5.0MEDIUM

EPSS

2.8%

top 13.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

KDE Konqueror

Timeline

PublishedAug 6

Latest updateApr 29

Description

KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDkde/konqueror12 versions+11

🔴Vulnerability Details

GHSA

GHSA-rqvg-7gx6-q335: KDE Konqueror 2↗2022-04-29

▶

CVEList

CVE-2004-0527: KDE Konqueror 2↗2004-06-08

▶

💥Exploits & PoCs

Exploit-DB

KDE Konqueror 3.x - Embedded Image URI Obfuscation↗2004-05-18

▶