Bug 336729

Summary: HTMLi dolphin linux KDE
Product: [Applications] dolphin Reporter: GreyCod3 <greycod3>
Component: searchAssignee: Dolphin Bug Assignee <dolphin-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: NOR    
Version: 16.12.2   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
URL: http://greycod3.blogspot.com/2014/06/htmli-dolphin-kde-linux.html
Latest Commit: Version Fixed In:

Description GreyCod3 2014-06-25 21:04:15 UTC 
Se Trata de la vulnerabilidad HTMLi en el buscador Dolphin Linux KDE.
En un texto.
Si aplicamos RENAME e inyectamos cualquier TAG.
Se ejecutará en bruto a la hora de cambiar.

nick name: D3MENT0R - GreyCod3 Team
http://greycod3.blogspot.com/2014/06/htmli-dolphin-kde-linux.html

Reproducible: Always

Steps to Reproduce:
1.Aplicar RENAME a un txt
2.Inyectar un TAG
3.Se ejecutará en bruto a la hora de cambiar.
Actual Results:  
Inyección HTML


Se puede hacer un ClickJacking o envenenar un login.
Comment 1 Frank Reininghaus 2014-06-25 21:37:55 UTC 
Thanks for the bug report, but this issue has been fixed a long time ago. You are strongly encouraged to upgrade to a more recent version of Dolphin/the KDE SC.

BTW, you should always tell us which version you use when you file bug reports (according to the screenshot on the page you linked to, its KDE SC 4.7 or older, I think, which is *extremely* outdated).

*** This bug has been marked as a duplicate of bug 312812 ***
Comment 2 Frank Reininghaus 2014-06-25 21:41:12 UTC 
(In reply to comment #1)
> BTW, you should always tell us which version you use when you file bug
> reports (according to the screenshot on the page you linked to, its KDE SC
> 4.7 or older, I think, which is *extremely* outdated).

Sorry, I got that wrong - it's most likely KDE SC 4.8.x/Dolphin 2.0. It's still quite outdated though ;-)