CVE-2016-7966
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
A través de una URL maliciosa que contenía un caracter de comillas era posible inyectar código HTML en el visor de texto plano de KMail. Debido al analizador utilizado en la URL no fue posible incluir el signo igual (=) o un espacio dentro del HTML inyectado, lo que reduce enormemente la funcionalidad HTML disponible. Aunque es posible incluir un comentario indicador de HTML para ocultar el contenido.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2016-10-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/10/05/1 | Mailing List | |
http://www.securityfocus.com/bid/93360 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kde Search vendor "Kde" | Kmail Search vendor "Kde" for product "Kmail" | <= 4.4.0 Search vendor "Kde" for product "Kmail" and version " <= 4.4.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 25 Search vendor "Fedoraproject" for product "Fedora" and version "25" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Linux Enterprise Search vendor "Suse" for product "Linux Enterprise" | 12.0 Search vendor "Suse" for product "Linux Enterprise" and version "12.0" | - |
Affected
|