CVE-2007-0537
published 2007-01-29
CVE-2007-0537: The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site…
Priority: P4 · 10 · low · 2.6 · CVSS 2.0
AV:N/AC:H/Au:N/C:N/I:P/A:N
EPSS: 1.80% (75.7th percentile)
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | konqueror | — | — |
CVSS provenance
nvd · v2.0 · 2.6 LOW · AV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 MEDIUM
Ubuntu
KDE library vulnerability
vendor_ubuntu·2007-02-06
CVE-2007-0537 KDE library vulnerability
Title: KDE library vulnerability
Summary: KDE library vulnerability
Jose Avila III and Robert Tasarz discovered that the KDE HTML library
did not correctly parse HTML comments inside the "title" tag. By
tricking a Konqueror user into visiting a malicious website, an attacker
could bypass cross-site scripting protections.
Instructions: After a standard system upgrade you need to restart your session to
effect the necessary changes.
Red Hat
konqueror XSS
vendor_redhat·2007-01-24·CVSS 4.3
CVE-2007-0537 [MEDIUM] CWE-79 konqueror XSS
konqueror XSS
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
Statement: The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
https://access.redhat.com/security/updates/classification/
GHSA
GHSA-qpw4-qr5r-cjxc: The KDE HTML library (kdelibs), as used by Konqueror 3
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-0537 [MEDIUM] CWE-79 GHSA-qpw4-qr5r-cjxc: The KDE HTML library (kdelibs), as used by Konqueror 3
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-0537 konqueror XSS
bugzilla·2007-02-22·CVSS 4.3
CVE-2007-0537 [MEDIUM] CVE-2007-0537 konqueror XSS
CVE-2007-0537 konqueror XSS
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly
parse HTML comments, which allows remote attackers to conduct cross-site
scripting (XSS) attacks and bypass some XSS protection schemes by embedding
certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
Discussion:
Official KDE security advisory with reference to upstream patch:
http://www.kde.org/info/security/advisory-20070206-1.txt
---
it's fixed in kdelibs-3.3.1-9.el4/kdelibs-3.5.4-13.el5
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0909.html (RHEL4, RHEL5)
Fedora:
updated to fixed upstream version
Bugzilla
CVE-2007-0537 Konqueror improper HTML comment rendering
bugzilla·2007-01-30·CVSS 2.6
CVE-2007-0537 [LOW] CVE-2007-0537 Konqueror improper HTML comment rendering
CVE-2007-0537 Konqueror improper HTML comment rendering
+++ This bug was initially created as a clone of Bug #225414 +++
A flaw was reported in the way Konqueror processes HTML which contains a comment
used in a certain manner. It is possible to conduct a cross site scripting flaw
on sites that allow a user to enter HTML comments, which Konqueror will then
parse incorrectly, causing the site to display unintended content.
-- Additional comment from [email protected] on 2007-01-30 10:25 EST --
Created an attachment (id=146918)
Demo HTML file. This file should not display an alert dialog.
This flaw also affects FC5
Discussion:
it's fixed in kdelibs-3.5.6-0.3.fc6
Bugzilla
CVE-2007-0537 Konqueror improper HTML comment rendering
bugzilla·2007-01-30·CVSS 2.6
CVE-2007-0537 [LOW] CVE-2007-0537 Konqueror improper HTML comment rendering
CVE-2007-0537 Konqueror improper HTML comment rendering
A flaw was reported in the way Konqueror processes HTML which contains a comment
used in a certain manner. It is possible to conduct a cross site scripting flaw
on sites that allow a user to enter HTML comments, which Konqueror will then
parse incorrectly, causing the site to display unintended content.
Discussion:
Created attachment 146918
Demo HTML file. This file should not display an alert dialog.
---
This flaw also affects RHEL3. I was unable to reproduce this flaw on RHEL2.1
---
I'm lowering the severity of this flaw to low. Dirk Mueller clarified this
flaw. It only affects placing comments in the HTML tags. This
significantly reduces the usefulness of this flaw.
---
I'm moving this bug to cover RHEL5, which means that
http://osvdb.org/32975
http://secunia.com/advisories/23932
http://secunia.com/advisories/24013
http://secunia.com/advisories/24065
http://secunia.com/advisories/24442
http://secunia.com/advisories/24463
http://secunia.com/advisories/24889
http://secunia.com/advisories/27108
http://securitytracker.com/id?1017591
http://www.gentoo.org/security/en/glsa/glsa-200703-10.xml
http://www.kde.org/info/security/advisory-20070206-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:031
http://www.mandriva.com/security/advisories?name=MDKSA-2007:157
http://www.novell.com/linux/security/advisories/2007_6_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://www.securityfocus.com/archive/1/457924/100/0/threaded
http://www.securityfocus.com/bid/22428
http://www.ubuntu.com/usn/usn-420-1
http://www.vupen.com/english/advisories/2007/0505
https://issues.rpath.com/browse/RPL-1117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10244
Published: 2007-01-29