
CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Oct 2016 — Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space in the injected HTML, which greatly reduces the available HTML functionality, although it is possible to include an HTML comment indicator to hide content. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00065.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 3% • CPEs: 2 • EXPL: 3

13 Apr 2005 — KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. • https://www.exploit-db.com/exploits/25375