CVE-2016-7968

MEDIUM

KDE Kmail < 5.3.0 - Code Injection

Title source: rule

Description

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.

References (3)

Scores

CVSS v3 6.5
EPSS 0.0033
EPSS Percentile 55.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE
CWE-94
Status published

Affected Products (2)

kde/kmail < 5.3.0
n/a/n/a

Timeline

Published Dec 23, 2016
Tracked Since Feb 18, 2026