CVE-2014-8600

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
urs_wolferkwebkitpart
𝑥
≤ 1.3.3
kdekde-runtime
𝑥
≤ 4.14.2
kdekio-extras
𝑥
≤ 5.1.1
opensuseopensuse
13.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kde-runtime
utopic
Fixed 4:4.14.1-0ubuntu1.1
released
trusty
Fixed 4:4.13.3-0ubuntu0.2
released
precise
Fixed 4:4.8.5-0ubuntu0.3
released
lucid
dne
kio-extras
utopic
dne
trusty
dne
precise
dne
lucid
dne
webkitkde
utopic
Fixed 1.3.4-1ubuntu0.1
released
trusty
Fixed 1.3~git20120518.9a111005-3ubuntu1
released
precise
Fixed 1.1.0git80efcf77-1ubuntu1
released
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://seclists.org/fulldisclosure/2014/Nov/54
http://ubuntu.com/usn/usn-2414-1
http://www.securityfocus.com/bid/71190
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8600/
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://seclists.org/fulldisclosure/2014/Nov/54
http://ubuntu.com/usn/usn-2414-1
http://www.securityfocus.com/bid/71190
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8600/