CVE-2011-1168

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
kdekde_sc
4.4.0
kdekde_sc
4.4.0:beta1
kdekde_sc
4.4.0:beta2
kdekde_sc
4.4.0:rc1
kdekde_sc
4.4.0:rc2
kdekde_sc
4.4.0:rc3
kdekde_sc
4.4.1
kdekde_sc
4.4.2
kdekde_sc
4.4.3
kdekde_sc
4.4.4
kdekde_sc
4.4.5
kdekde_sc
4.5.0
kdekde_sc
4.5.1
kdekde_sc
4.5.2
kdekde_sc
4.5.3
kdekde_sc
4.5.4
kdekde_sc
4.5.5
kdekde_sc
4.6:beta1
kdekde_sc
4.6:beta2
kdekde_sc
4.6:rc1
kdekde_sc
4.6:rc2
kdekde_sc
4.6.0
kdekde_sc
4.6.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kde4libs
dapper
dne
hardy
ignored
karmic
Fixed 4:4.3.2-0ubuntu7.3
released
lucid
Fixed 4:4.4.5-0ubuntu1.1
released
maverick
Fixed 4:4.5.1-0ubuntu8.1
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
kdelibs
RHEL 6
6:4.3.4-11.el6_0.2
fixed
kdelibs-apidocs
RHEL 6
6:4.3.4-11.el6_0.2
fixed
kdelibs-common
RHEL 6
6:4.3.4-11.el6_0.2
fixed
kdelibs-devel
RHEL 6
6:4.3.4-11.el6_0.2
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/44065
http://secunia.com/advisories/44108
http://securityreason.com/securityalert/8208
http://securitytracker.com/id?1025322
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
http://www.kde.org/info/security/advisory-20110411-1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
http://www.securityfocus.com/archive/1/517432/100/0/threaded
http://www.securityfocus.com/archive/1/517433/100/0/threaded
http://www.securityfocus.com/bid/47304
http://www.ubuntu.com/usn/USN-1110-1
http://www.vupen.com/english/advisories/2011/0927
http://www.vupen.com/english/advisories/2011/0928
http://www.vupen.com/english/advisories/2011/0990
https://bugzilla.redhat.com/show_bug.cgi?id=695398
https://exchange.xforce.ibmcloud.com/vulnerabilities/66697
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/44065
http://secunia.com/advisories/44108
http://securityreason.com/securityalert/8208
http://securitytracker.com/id?1025322
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
http://www.kde.org/info/security/advisory-20110411-1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
http://www.securityfocus.com/archive/1/517432/100/0/threaded
http://www.securityfocus.com/archive/1/517433/100/0/threaded
http://www.securityfocus.com/bid/47304
http://www.ubuntu.com/usn/USN-1110-1
http://www.vupen.com/english/advisories/2011/0927
http://www.vupen.com/english/advisories/2011/0928
http://www.vupen.com/english/advisories/2011/0990
https://bugzilla.redhat.com/show_bug.cgi?id=695398
https://exchange.xforce.ibmcloud.com/vulnerabilities/66697