CVE-2018-1000559 log

Severity Medium
Remote Yes
Type Cross-site scripting
qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack can be exploitable by tricking the victim into opening a page with a specially crafted <title> attribute, and then opening the qute://history site via the :history command.
Group Package Affected Fixed Severity Status Ticket
AVG-724 qutebrowser 1.3.2-1 1.3.3-1 Medium Fixed
Date Advisory Group Package Severity Type
26 Jun 2018 ASA-201806-13 AVG-724 qutebrowser Medium cross-site scripting