CVE-2016-7968

CWE-94Code InjectionCWE-20Improper Input Validation12 documents7 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 43.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE Kmail
Timeline
PublishedDec 23
Latest updateMay 17

Description

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDkde/kmail5.3.0
Ubuntukdepim< 4:4.13.3-0ubuntu0.1

🔴Vulnerability Details

3
GHSA
GHSA-grrh-62pc-382r: KMail since version 52022-05-17
CVEList
CVE-2016-7968: KMail since version 52016-12-23
OSV
CVE-2016-7968: KMail since version 52016-12-23

📋Vendor Advisories

2
Red Hat
kdepim: JavaScript execution in HTML Mails2016-10-04
Debian
CVE-2016-7968: kf5-messagelib - KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript ena...2016

💬Community

6
Bugzilla
CVE-2016-7968 kf5-messagelib: kdepim: JavaScript execution in HTML Mails [fedora-all]2016-10-12
Bugzilla
CVE-2016-7966 CVE-2016-7967 CVE-2016-7968 kdepim4: various flaws [fedora-all]2016-10-06
Bugzilla
CVE-2016-7968 kdepim: JavaScript execution in HTML Mails2016-10-06
Bugzilla
CVE-2016-7966 CVE-2016-7967 CVE-2016-7968 kdepim: various flaws [fedora-all]2016-10-06
Bugzilla
CVE-2016-7966 CVE-2016-7967 CVE-2016-7968 kdepim3: various flaws [epel-7]2016-10-06
CVE-2016-7968 (MEDIUM CVSS 6.5) | KMail since version 5.3.0 used a QW | cvebase.io