| Vulnerability Name: | CVE-2007-0537 (CCN-31935) | ||||||||||||||||||||
| Assigned: | 2007-01-24 | ||||||||||||||||||||
| Published: | 2007-01-24 | ||||||||||||||||||||
| Updated: | 2018-10-16 | ||||||||||||||||||||
| Summary: | The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. | ||||||||||||||||||||
| CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||||||||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Jan 23 2007 - 01:44:13 CST Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Source: CCN Type: BugTraq Mailing List, Tue Jan 23 2007 - 23:06:34 CST Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Source: MITRE Type: CNA CVE-2007-0537 Source: OSVDB Type: UNKNOWN 32975 Source: CCN Type: RHSA-2007-0909 Moderate: kdelibs security update Source: CCN Type: SA23932 Konqueror HTML Parsing Weakness Source: SECUNIA Type: Vendor Advisory 23932 Source: SECUNIA Type: Vendor Advisory 24013 Source: SECUNIA Type: Vendor Advisory 24065 Source: SECUNIA Type: Vendor Advisory 24442 Source: SECUNIA Type: Vendor Advisory 24463 Source: SECUNIA Type: Vendor Advisory 24889 Source: SECUNIA Type: Vendor Advisory 27108 Source: CCN Type: SECTRACK ID: 1017591 KDE Konqueror Input Validation Hole in Processing HTML Title Tags Permits Cross-Site Scripting Attacks Source: SECTRACK Type: UNKNOWN 1017591 Source: CCN Type: GLSA-200703-10 KHTML: Cross-site scripting (XSS) vulnerability Source: GENTOO Type: UNKNOWN GLSA-200703-10 Source: CCN Type: KDE Security Advisory 20070206-1 khtml/konqueror title XSS vulnerability Source: CONFIRM Type: UNKNOWN http://www.kde.org/info/security/advisory-20070206-1.txt Source: CCN Type: Konqueror Web site Konqueror - Web Browser, File Manager - and more! Source: MANDRIVA Type: UNKNOWN MDKSA-2007:031 Source: MANDRIVA Type: UNKNOWN MDKSA-2007:157 Source: SUSE Type: UNKNOWN SUSE-SR:2007:006 Source: CCN Type: OSVDB ID: 32975 KDE Konqueror KDE HTML library (kdelibs) HTML Parsing XSS Source: REDHAT Type: UNKNOWN RHSA-2007:0909 Source: BUGTRAQ Type: UNKNOWN 20070124 Re: Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability Source: BID Type: UNKNOWN 22428 Source: CCN Type: BID-22428 KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability Source: CCN Type: TLSA-2007-19 KHTML vulnerability Source: CCN Type: USN-420-1 KDE library vulnerability Source: UBUNTU Type: UNKNOWN USN-420-1 Source: VUPEN Type: Vendor Advisory ADV-2007-0505 Source: XF Type: UNKNOWN konqueror-html-xss(31935) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-1117 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10244 Source: SUSE Type: SUSE-SR:2007:006 SUSE Security Summary Report | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||