ASA-201806-13 log generated external raw

[ASA-201806-13] qutebrowser: cross-site scripting
Arch Linux Security Advisory ASA-201806-13 ========================================== Severity: Medium Date : 2018-06-26 CVE-ID : CVE-2018-1000559 Package : qutebrowser Type : cross-site scripting Remote : Yes Link : Summary ======= The package qutebrowser before version 1.3.3-1 is vulnerable to cross- site scripting. Resolution ========== Upgrade to 1.3.3-1. # pacman -Syu "qutebrowser>=1.3.3-1" The problem has been fixed upstream in version 1.3.3. Workaround ========== None. Description =========== qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack can be exploitable by tricking the victim into opening a page with a specially crafted <title> attribute, and then opening the qute://history site via the :history command. Impact ====== A remote attacker is able to steal the browser history with a specially crafted web page title. References ==========