
CVE-2018-1000559
Date: (C)2018-06-27   (M)2023-12-22


qutebrowser, starting with v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449), contains a Cross-Site Scripting (XSS) vulnerability in the qute://history page shown by the :history command. Via injected JavaScript code, a website can steal the user's browsing history. To be exploited, the victim must open a page with a specially crafted attribute and then open the qute://history site via the :history command. The vulnerability appears to have been fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.1
Exploit Score: 2.8
Impact Score: 2.7

CVSS V2 Severity:
CVSS Score: 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:
https://github.com/qutebrowser/qutebrowser/commit/4c9360237f186681b1e3f2a0f30c45161cf405c7
https://github.com/qutebrowser/qutebrowser/commit/5a7869f2feaa346853d2a85413d6527c87ef0d9f
https://github.com/qutebrowser/qutebrowser/issues/4011

CPE: cpe:/a:qutebrowser:qutebrowser
CWE: CWE-79

© SecPod Technologies