CVE-2004-1158

6 documents5 sources

Severity

7.5HIGH

EPSS

3.9%

top 11.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Konqueror Mandrakesoft Mandrake Linux Redhat Fedora Core

Timeline

PublishedJan 10

Latest updateApr 29

Description

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDkde/konqueror22 versions+21

▶NVDredhat/fedora_corecore_2.0, core_3.0+1

▶NVDmandrakesoft/mandrake_linux10.0, 10.1+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-8m3g-xh55-wc3f: Konqueror 3↗2022-04-29

▶

CVEList

CVE-2004-1158: Konqueror 3↗2004-12-10

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-12-08

▶

💬Community

Bugzilla

CVE-2004-1158 security flaw↗2018-08-16

▶