Description
Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history.
Affected products
- adjam / rekonq 0.5.0
- adjam / rekonq 0.0.1 – 0.0.1
- adjam / rekonq 0.0.2 – 0.0.2
- adjam / rekonq 0.0.3 – 0.0.3
- adjam / rekonq 0.0.4 – 0.0.4
- adjam / rekonq 0.1 – 0.1
- adjam / rekonq 0.1.0 – 0.1.0
- adjam / rekonq 0.1.95 – 0.1.95
- adjam / rekonq 0.1.98 – 0.1.98
- adjam / rekonq 0.2.0 – 0.2.0
- adjam / rekonq 0.2.90 – 0.2.90
- adjam / rekonq 0.3.0 – 0.3.0
- adjam / rekonq 0.3.90 – 0.3.90
- adjam / rekonq 0.4.0 – 0.4.0
- adjam / rekonq 0.4.90 – 0.4.90
- adjam / rekonq 0.4.95 – 0.4.95
References
- MAILING_LIST: http://marc.info/?l=oss-security&m=127973502617945&w=2
- VENDOR_ADVISORY: http://secunia.com/advisories/40646
- MISC: http://www.osvdb.org/66568
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2010/2689
- MAILING_LIST: http://marc.info/?l=oss-security&m=127971194610788&w=2
- MISC: https://bugs.kde.org/show_bug.cgi?id=217464
- MAILING_LIST: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049406.html