kdelibs kde-apidox
Page content
- Author: voroskoi
- Vulnerable: 3.5.4-3
- Unaffected: 3.5.4-4siwenna1
A weakness has been discovered in Konqueror, which can potentially be exploited by malicious people to conduct cross-site scripting attacks. The weakness is caused due to an error in the parsing of comments within title tags of an HTML document. Arbitrary HTML and script code in a comment tag is executed in a user’s browser session when preceded by the corresponding closing title tag. Successful exploitation is possible on web sites that allow users to insert unsanitised HTML and script code within a comment into such a tag.
- Bug Tracker URL: http://bugs.frugalware.org/task/1665