CVE-2014-8600

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.

Published: Dec 8, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-8600
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
urs_wolfer / kwebkitpart	-	1.3.3.x
kde / kde-runtime	-	4.14.2.x
kde / kio-extras	-	5.1.1.x
opensuse / opensuse	13.1	13.1.x

http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://seclists.org/fulldisclosure/2014/Nov/54
http://ubuntu.com/usn/usn-2414-1
http://www.securityfocus.com/bid/71190
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-8600/

Vulnerability Database

290,301

CVE-2014-8600