CVE-2016-7968

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
Since version 5.3.0, KMail used a QWebEngine-based viewer that had JavaScript enabled. HTML mail content was not sanitized for JavaScript, so any code included in a message was executed.
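| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|-------|---------|----------|-------|----------|--------|--------|
| AVG-44 | messagelib | 16.08.1-1 | 16.08.1-2 | Medium | Fixed | |

| Date | Advisory | Group | Package | Severity | Description |
|------|----------|-------|---------|----------|-------------|
| 07 Oct 2016 | ASA-201610-5 | AVG-44 | messagelib | Medium | multiple issues |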
References
https://www.kde.org/info/security/advisory-20161006-3.txt
http://seclists.org/oss-sec/2016/q4/21