CVE-2014-8600

EUVD-2014-8437
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
urs_wolferkwebkitpart
𝑥
≤ 1.3.3
kdekde-runtime
𝑥
≤ 4.14.2
kdekio-extras
𝑥
≤ 5.1.1
opensuseopensuse
13.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kde-runtime
lucid
dne
precise
Fixed 4:4.8.5-0ubuntu0.3
released
trusty
Fixed 4:4.13.3-0ubuntu0.2
released
utopic
Fixed 4:4.14.1-0ubuntu1.1
released
kio-extras
lucid
dne
precise
dne
trusty
dne
utopic
dne
webkitkde
lucid
ignored
precise
Fixed 1.1.0git80efcf77-1ubuntu1
released
trusty
Fixed 1.3~git20120518.9a111005-3ubuntu1
released
utopic
Fixed 1.3.4-1ubuntu0.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://seclists.org/fulldisclosure/2014/Nov/54
http://ubuntu.com/usn/usn-2414-1
http://www.securityfocus.com/bid/71190
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8600/
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://seclists.org/fulldisclosure/2014/Nov/54
http://ubuntu.com/usn/usn-2414-1
http://www.securityfocus.com/bid/71190
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8600/