Vulnerability Details : CVE-2011-1168
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2011-1168
- cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.5.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1168
- EPSS score: 3.78% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-1168
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2011-1168
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1168
- http://www.securityfocus.com/archive/1/517433/100/0/threaded
  SecurityFocus
- http://www.securityfocus.com/archive/1/517432/100/0/threaded
  SecurityFocus
- http://www.vupen.com/english/advisories/2011/0927
  Vendor Advisory
- http://securityreason.com/securityalert/8208
  Medium severity flaw in Konqueror - CXSecurity.com
- http://securitytracker.com/id?1025322
  KDE Konqueror Input Validation Flaw in Error Page Permits Cross-Site Scripting Attacks - SecurityTracker
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
  The Slackware Linux Project: Slackware Security Advisories
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:009
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
  mandriva.com
- https://bugzilla.redhat.com/show_bug.cgi?id=695398
  695398 – (CVE-2011-1168) CVE-2011-1168 kdelibs: partially universal XSS in Konqueror error pages (Exploit)
- http://www.vupen.com/english/advisories/2011/0928
  Vendor Advisory
- http://www.securityfocus.com/bid/47304
  KDE Konqueror Error Page Cross Site Scripting Vulnerability
- http://www.vupen.com/english/advisories/2011/0990
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66697
  KDE Konqueror KHTMLPart::htmlError() cross-site scripting CVE-2011-1168 Vulnerability Report
- http://www.kde.org/info/security/advisory-20110411-1.txt
  Exploit; Vendor Advisory
- http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc
  Exploit
- http://www.ubuntu.com/usn/USN-1110-1
  USN-1110-1: KDE-Libs vulnerabilities | Ubuntu security notices