← back
CVE-2007-0537

CVE-2007-0537

EPSS 1.8%
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/32975http://secunia.com/advisories/23932http://secunia.com/advisories/24013http://secunia.com/advisories/24065http://secunia.com/advisories/24442http://secunia.com/advisories/24463http://secunia.com/advisories/24889http://secunia.com/advisories/27108http://securitytracker.com/id?1017591https://issues.rpath.com/browse/RPL-1117https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10244http://www.gentoo.org/security/en/glsa/glsa-200703-10.xml