CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3413
https://notcve.org/view.php?id=CVE-2012-3413
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. La función HTMLQuoteColorer::process en messageviewer/htmlquotecolorer.cpp en KDE PIM v4.6 hasta v4.8 no desabilita JavaScript, Java, ni los complementos, lo que permite a atacantes remotos inyectar secuencias de comandos o HTML a través de un correo manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html http://secunia.com/advisories/50008 http://ubuntu.com/usn/usn-1512-1 http://www.openwall.com/lists/oss-security/2012/07/13/3 http://www.openwall.com/lists/oss-security/2012/07/13/4 http://www.openwall.com/lists/oss-security/2012/07/16/3 http://www.openwall.com/lists/oss-security/2012/07/17/11 https:/&# • CWE-16: Configuration •