CVE-2011-1168

kdelibs: partially universal XSS in Konqueror error pages

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función KHTMLPart::htmlError en khtml/khtml_part.cpp en Konqueror en KDE SC v4.4.0 hasta v4.6.1, permite a usuarios remotos inyectar script o HTML de su elección a través de URI en una URL correspondiente a una sitio web no disponible.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2011-03-03 CVE Reserved
2011-04-12 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2024-10-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (19)

URL	Tag	Source
http://securityreason.com/securityalert/8208	Third Party Advisory
http://securitytracker.com/id?1025322	Vdb Entry
http://www.securityfocus.com/archive/1/517432/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/517433/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/47304	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/66697	Vdb Entry

URL	Date	SRC
http://www.kde.org/info/security/advisory-20110411-1.txt	2024-08-06
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc	2024-08-06
https://bugzilla.redhat.com/show_bug.cgi?id=695398	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	2023-02-13
http://secunia.com/advisories/44065	2023-02-13
http://secunia.com/advisories/44108	2023-02-13
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2011:075	2023-02-13
http://www.ubuntu.com/usn/USN-1110-1	2023-02-13
http://www.vupen.com/english/advisories/2011/0927	2023-02-13
http://www.vupen.com/english/advisories/2011/0928	2023-02-13
http://www.vupen.com/english/advisories/2011/0990	2023-02-13
https://access.redhat.com/security/cve/CVE-2011-1168	2011-04-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.0 Search vendor "Kde" for product "Kde Sc" and version "4.4.0"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.0 Search vendor "Kde" for product "Kde Sc" and version "4.4.0"		beta1		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.0 Search vendor "Kde" for product "Kde Sc" and version "4.4.0"		beta2		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.0 Search vendor "Kde" for product "Kde Sc" and version "4.4.0"		rc1		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.0 Search vendor "Kde" for product "Kde Sc" and version "4.4.0"		rc2		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.0 Search vendor "Kde" for product "Kde Sc" and version "4.4.0"		rc3		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.1 Search vendor "Kde" for product "Kde Sc" and version "4.4.1"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.2 Search vendor "Kde" for product "Kde Sc" and version "4.4.2"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.3 Search vendor "Kde" for product "Kde Sc" and version "4.4.3"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.4 Search vendor "Kde" for product "Kde Sc" and version "4.4.4"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.4.5 Search vendor "Kde" for product "Kde Sc" and version "4.4.5"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.5.0 Search vendor "Kde" for product "Kde Sc" and version "4.5.0"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.5.1 Search vendor "Kde" for product "Kde Sc" and version "4.5.1"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.5.2 Search vendor "Kde" for product "Kde Sc" and version "4.5.2"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.5.3 Search vendor "Kde" for product "Kde Sc" and version "4.5.3"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.5.4 Search vendor "Kde" for product "Kde Sc" and version "4.5.4"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.5.5 Search vendor "Kde" for product "Kde Sc" and version "4.5.5"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6 Search vendor "Kde" for product "Kde Sc" and version "4.6"		beta1		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6 Search vendor "Kde" for product "Kde Sc" and version "4.6"		beta2		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6 Search vendor "Kde" for product "Kde Sc" and version "4.6"		rc1		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6 Search vendor "Kde" for product "Kde Sc" and version "4.6"		rc2		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.0 Search vendor "Kde" for product "Kde Sc" and version "4.6.0"		-		Affected
Kde Search vendor "Kde"		Kde Sc Search vendor "Kde" for product "Kde Sc"				4.6.1 Search vendor "Kde" for product "Kde Sc" and version "4.6.1"		-		Affected