KDE Security Advisory: khtml/konqueror title XSS vulnerability
Original Release Date: 2007-02-06
1. Systems affected:
KDE including KDE 3.5.6.
Jose Avila noticed that there is a possibility to inject
user supplied data to be embeded inside the page title and
do not properly escape the text.
On affected websites it is possible to conduct XSS attacks
and steal authorisation data.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
Patch for KDE 3.5.6 and newer