---

CVE-2018-1000559 - log back

CVE-2018-1000559 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Cross-site scripting
Description	+ qutebrowser before 1.3.3 contains a Cross Site Scripting (XSS) vulnerability that can result in a website stealing the user's browsing history. This attack can be exploitable by tricking the victim into opening a page with a specially crafted <title> attribute, and then opening the qute://history site via the :history command.
References	+ https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7 + https://github.com/qutebrowser/qutebrowser/issues/4011
Notes