CVE-2016-7968

Published on: 12/23/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:06 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Certain versions of KMail from KDE contain the following vulnerability:

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.

  • CVE-2016-7968 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.5 - MEDIUM

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |

CVSS2 Score: 7.5 - HIGH

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

CVE References

| Description | Tags | Link |
|---|---|---|
| www.kde.org (text/plain) | Vendor Advisory | MISC www.kde.org/info/security/advisory-20161006-3.txt |
| KMail Multiple Security Vulnerabilities; cve.report (archive) (text/html) | Third Party Advisory, VDB Entry | BID 93360 |
| oss-security - Re: KMail vulnerabilites: need 3 CVE; www.openwall.com (text/html) | Third Party Advisory | MLIST [oss-security] 20161004 Re: KMail vulnerabilites: need 3 CVE |

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kde | Kmail | All | All | All | All |
  • cpe:2.3:a:kde:kmail:*:*:*:*:*:*:*:*: