CVE-2016-7966 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plain text viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-43	kcoreaddons	5.26.0-1	5.26.0-2	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
07 Oct 2016	ASA-201610-4	AVG-43	kcoreaddons	Medium	insufficient validation

References
https://www.kde.org/info/security/advisory-20161006-1.txt http://seclists.org/oss-sec/2016/q4/23

Notes
changed severity from High to Medium