CVE-2007-0537

CWE-79 — Cross-site Scripting (XSS)8 documents6 sources

Severity

2.6LOW

EPSS

4.1%

top 11.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Konqueror

Timeline

PublishedJan 29

Latest updateMay 1

Description

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDkde/konqueror3.5.5

🔴Vulnerability Details

GHSA

GHSA-qpw4-qr5r-cjxc: The KDE HTML library (kdelibs), as used by Konqueror 3↗2022-05-01

▶

CVEList

CVE-2007-0537: The KDE HTML library (kdelibs), as used by Konqueror 3↗2007-01-29

▶

📋Vendor Advisories

Ubuntu

KDE library vulnerability↗2007-02-06

▶

Red Hat

konqueror XSS↗2007-01-24

▶

💬Community

Bugzilla

CVE-2007-0537 konqueror XSS↗2007-02-22

▶

Bugzilla

CVE-2007-0537 Konqueror improper HTML comment rendering↗2007-01-30

▶

Bugzilla

CVE-2007-0537 Konqueror improper HTML comment rendering↗2007-01-30

▶