The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 up to and including 4.8 does not disable JavaScript, Java, and Plugins, which allows remote malicious users to inject arbitrary web script or HTML via a crafted email.
Vulnerable Product |
---|
kde kde pim 4.6 |
kde kde pim 4.8 |