CVE-2011-1168Cross-site Scripting in SC

CWE-79Cross-site Scripting10 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
1.4%
top 19.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE SC
Timeline
PublishedApr 18
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDkde/kde_sc15 versions+14

🔴Vulnerability Details

3
GHSA
GHSA-85gj-974c-3vjj: Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part2022-05-14
OSV
CVE-2011-1168: Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part2011-04-18
CVEList
CVE-2011-1168: Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part2011-04-18

📋Vendor Advisories

4
Red Hat
BSD compress LZW decoder buffer overflow2011-08-10
Red Hat
David Koblas' GIF decoder LZW decoder buffer overflow2011-08-10
Ubuntu
KDE-Libs vulnerabilities2011-04-14
Red Hat
kdelibs: partially universal XSS in Konqueror error pages2011-04-11

💬Community

2
Bugzilla
CVE-2006-1168 busybox: uncompress buffer underflow2011-08-05
Bugzilla
CVE-2011-1168 kdelibs: partially universal XSS in Konqueror error pages2011-04-11
CVE-2011-1168 — Cross-site Scripting in KDE SC | cvebase