CVE-2018-1000559

Source
Severity Medium
Remote Yes
Type Cross-site scripting
Description
qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack can be exploitable by tricking the victim into opening a page with a specially crafted <title> attribute, and then opening the qute://history site via the :history command.
Group Package Affected Fixed Severity Status Ticket
AVG-724 qutebrowser 1.3.2-1 1.3.3-1 Medium Fixed
Date Advisory Group Package Severity Description
26 Jun 2018 ASA-201806-13 AVG-724 qutebrowser Medium cross-site scripting
References
https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
https://github.com/qutebrowser/qutebrowser/issues/4011