mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 19:17:37 +02:00
0xMarcio
909 B
909 B
CVE-2016-7966
Description
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
POC
Reference
- http://www.openwall.com/lists/oss-security/2016/10/05/1
- http://www.openwall.com/lists/oss-security/2016/10/05/1
Github
No PoCs found on GitHub currently.