Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-08-02 14:00
Updated : 2010-11-02 22:59
NVD link : CVE-2010-2536
Mitre link : CVE-2010-2536
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
adjam
- rekonq