CVE-2018-1000559 - log back

CVE-2018-1000559 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Cross-site scripting
Description
+ qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack can be exploitable by tricking the victim into opening a page with a specially crafted <title> attribute, and then opening the qute://history site via the :history command.
References
+ https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
+ https://github.com/qutebrowser/qutebrowser/issues/4011
Notes