
Test ID: 1.3.6.1.4.1.25623.1.0.801422
Category: General
Title: rekonq 'Error Page' Cross-Site Scripting Vulnerabilities
Summary: This host is installed with rekonq and is prone to cross-site scripting vulnerabilities.
Description:
Summary:
This host is installed with rekonq and is prone to cross-site
scripting vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An error in the handling of a URL associated with a nonexistent domain name,
which is related to 'webpage.cpp'.

- An error in the handling of unspecified vectors related to 'webview.cpp'.

- An error in the handling of 'about:' views for favorites, bookmarks, closed
tabs, and history.

Vulnerability Impact:
Successful exploitation will allow attackers to crash a fresh
instance, inject malicious content into an error message, and access the cookies
when the hostname under which the cookies have been set.

Affected Software/OS:
Rekonq version 0.5 and prior.

Solution:
Upgrade to version 0.6 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2536
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049406.html
http://marc.info/?l=oss-security&m=127973502617945&w=2
http://marc.info/?l=oss-security&m=127971194610788&w=2
http://www.osvdb.org/66568
http://secunia.com/advisories/40646
http://www.vupen.com/english/advisories/2010/2689
Copyright: Copyright (C) 2010 Greenbone Networks GmbH
