[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <201104112207.39386.timb@nth-dimension.org.uk>
Date: Mon, 11 Apr 2011 22:07:24 +0100
From: Tim Brown <timb@...-dimension.org.uk>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Medium severity flaw in Konqueror
I was recently taking a look at Konquerer and spotted an example of universal
XSS. Essentially, the error page displayed when a requested URL is not
available includes said URL. If said URL includes HTML fragments these will
be rendered. CVE-2010-2952 has been assigned to this issue.
Tim
--
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
Download attachment "NDSA20110321.txt.asc" of type "application/pgp-signature" (5405 bytes)
Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists