CVE-2012-3413
KDE PIM 4.6-4.8 - Cross-Site Scripting via Email HTML Processing
Title source: llmDescription
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html
Various Sources x_refsource_confirm
https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/16/3
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1512-1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084262.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50008
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/17/11
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/13/3
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/13/4
Scores
EPSS
0.0083
EPSS Percentile
74.7%
Details
CWE
CWE-16
Status
published
Products (2)
kde/kde_pim
4.6
kde/kde_pim
4.8
Published
Aug 07, 2012
Tracked Since
Feb 18, 2026