CVE-2007-0537

Publication date 29 January 2007

Last updated 17 July 2025

Ubuntu priority

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
kdelibs	7.04 feisty	Fixed 3.5.6-0ubuntu14.1
	6.10 edgy	Fixed 3.5.5-0ubuntu3.5
	6.06 LTS dapper	Fixed 3.5.2-0ubuntu18.5

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-420-1
KDE library vulnerability
6 February 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-0537