CVE-2018-1000559 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack can be exploitable by tricking the victim into opening a page with a specially crafted <title> attribute, and then opening the qute://history site via the :history command. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-724 | qutebrowser | 1.3.2-1 | 1.3.3-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 26 Jun 2018 | ASA-201806-13 | AVG-724 | qutebrowser | Medium | cross-site scripting |
| References |
|---|
https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7 https://github.com/qutebrowser/qutebrowser/issues/4011 |