CVE-2016-7966
EUVD-2016-881423.12.2016, 22:59
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| kde | kmail | 𝑥 ≤ 4.4.0 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise | 12.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| kcoreaddons |
| ||||||||||
| kdepim |
| ||||||||||
| kdepimlibs |
| ||||||||||
| kf5-messagelib |
|
References