CVE-2016-7966
Severity
7.3HIGH
EPSS
0.3%
top 49.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 23
Latest updateMay 17
Description
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4
Affected Packages2 packages
Also affects: Debian Linux 8.0, Fedora 25, Linux Enterprise 12.0
🔴Vulnerability Details
3GHSA▶
GHSA-833g-vcgj-6xrj: Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer↗2022-05-17
OSV▶
CVE-2016-7966: Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer↗2016-12-23
CVEList▶
CVE-2016-7966: Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer↗2016-12-23