CVE-2016-7966
published 2016-12-23CVE-2016-7966: Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it…
high7.3CVSS 3.0
AVNACLPRNUINSUCLILAL
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | kcoreaddons | < kcoreaddons 5.26.0-3 (bookworm) | kcoreaddons 5.26.0-3 (bookworm) |
| fedoraproject | fedora | — | — |
| kde | kmail | <= 4.4.0 | — |
| suse | linux_enterprise | — | — |
CVSS provenance
nvdv3.07.3HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
osv7.3HIGH