The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 up to and including 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote malicious users to execute script and steal cookies from subframes that are in other domains.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kde konqueror 2.2.2 |
||
kde konqueror 3.0 |
||
kde konqueror 3.0.3 |
||
kde konqueror 3.0.1 |
||
kde konqueror 3.0.2 |
||
kde kde 2.2.2 |
||
kde kde 3.0 |
||
kde kde 3.0.1 |
||
kde kde 3.0.2 |
||
kde kde 3.0.3 |