CVE-2011-1168

Published: 11 April 2011

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

Priority

Status

Package	Release	Status
kde4libs Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Ignored (end of life)
	karmic	Released (4:4.3.2-0ubuntu7.3)
	lucid	Released (4:4.4.5-0ubuntu1.1)
	maverick	Released (4:4.5.1-0ubuntu8.1)
	upstream	Released (4.6.2)
	Patches: upstream: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=afaaf242a30654b61d996e66a3016fcf2a543cd9

References

https://ubuntu.com/security/notices/USN-1110-1
https://www.cve.org/CVERecord?id=CVE-2011-1168
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/743669

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›