CVE-2010-2536

EUVD-2010-2540
Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
adjamrekonq
𝑥
≤ 0.5.0
adjamrekonq
0.0.1
adjamrekonq
0.0.2
adjamrekonq
0.0.3
adjamrekonq
0.0.4
adjamrekonq
0.1:alpha
adjamrekonq
0.1.0
adjamrekonq
0.1.95
adjamrekonq
0.1.98
adjamrekonq
0.2.0
adjamrekonq
0.2.90
adjamrekonq
0.3.0
adjamrekonq
0.3.90
adjamrekonq
0.4.0
adjamrekonq
0.4.90
adjamrekonq
0.4.95
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rekonq
dapper
dne
hardy
dne
jaunty
dne
karmic
ignored
lucid
ignored
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049406.html
http://marc.info/?l=oss-security&m=127971194610788&w=2
http://marc.info/?l=oss-security&m=127973502617945&w=2
http://secunia.com/advisories/40646
http://www.osvdb.org/66568
http://www.vupen.com/english/advisories/2010/2689
https://bugs.kde.org/show_bug.cgi?id=217464
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049406.html
http://marc.info/?l=oss-security&m=127971194610788&w=2
http://marc.info/?l=oss-security&m=127973502617945&w=2
http://secunia.com/advisories/40646
http://www.osvdb.org/66568
http://www.vupen.com/english/advisories/2010/2689
https://bugs.kde.org/show_bug.cgi?id=217464