| Summary: | HTML injection | ||
|---|---|---|---|
| Product: | [Applications] dolphin | Reporter: | mrdestruct0r |
| Component: | general | Assignee: | Dolphin Bug Assignee <dolphin-bugs-null> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | minor | CC: | emmanuelpescosta099, nb64367 |
| Priority: | NOR | ||
| Version First Reported In: | 16.12.2 | ||
| Target Milestone: | --- | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
| Attachments: | Some examples of the PoC; Examples of the PoC | ||
Created attachment 90139 [details]
Examples of the PoC
[I am a GCI student] Is this a feature request, as I can't reproduce this behaviour you found? Or do you mean something else?

I can't reproduce this problem in Dolphin 4.14.3. Which version are you referring to?

The screenshot looks like it's Dolphin 2.0/KDE SC 4.8, which is extremely outdated. The bug was fixed almost two years ago. See also the duplicate bug 336729, which was reported half a year ago, and which contains a link to a page that shows exactly the same screenshots which are now attached here.

*** This bug has been marked as a duplicate of bug 312812 ***

dolphin --version
Qt: 4.8.2
KDE Development Platform: 4.8.4 (4.8.4)
Dolphin: 2.0

That's the version that my friend checked, and the vulnerability was found like 5 months ago. If you try to install KDE Desktop on Kali Linux you'll have the version affected.

(In reply to mrdestruct0r from comment #5)
> dolphin --version
> Qt: 4.8.2
> KDE Development Platform: 4.8.4 (4.8.4)
> Dolphin: 2.0
>
> That's the version that my friend checked, and the vulnerability was found
> like 5 months ago. If you try to install KDE Desktop on Kali Linux you'll
> have the version affected.

Then please talk to your distribution, shipping outdated versions makes them responsible to provide you with the fixes done upstream (by us).
Created attachment 90138 [details]
Some examples of the PoC

Hi there, this is D3MENT0R. Some time ago I found an HTML injection in Dolphin: if you change the name of a file and you inject, for example, an HTML tag like <hr> or <h1>, then when you try to change the name again you will see that the tag is executed, so this is an HTML injection.

Regards,
D3MENT0R
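
The thread does not show the upstream fix, so the following is an added example, not Dolphin's code and not part of any comment above. It assumes the rename prompt is assembled as rich-text markup around the file name; the prompt template and all function names are hypothetical, and the escaping uses the same four substitutions as Qt's `QString::toHtmlEscaped()`.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>

// Replace the characters a rich-text renderer treats as markup: & < > "
std::string escapeForRichText(const std::string& raw) {
    std::string out;
    out.reserve(raw.size());
    for (char c : raw) {
        switch (c) {
            case '&': out += "&amp;";  break;
            case '<': out += "&lt;";   break;
            case '>': out += "&gt;";   break;
            case '"': out += "&quot;"; break;
            default:  out += c;
        }
    }
    return out;
}

// "Before": the untrusted file name is concatenated straight into markup.
std::string renamePromptUnsafe(const std::string& fileName) {
    return "<qt>Rename the item <b>" + fileName + "</b> to:</qt>";
}

// "After": the file name is escaped, so it can only ever render as text.
std::string renamePromptEscaped(const std::string& fileName) {
    return "<qt>Rename the item <b>" + escapeForRichText(fileName) + "</b> to:</qt>";
}

// Number of '<' the renderer will see; the template alone contributes 4.
std::size_t tagOpeners(const std::string& markup) {
    return static_cast<std::size_t>(std::count(markup.begin(), markup.end(), '<'));
}

int main() {
    // Constructed sample file names, including the tags named in the report.
    const std::string names[] = {"notes.txt", "<h1>report", "a<hr>b", "R&D \"final\".txt"};
    for (const std::string& n : names) {
        std::cout << "unsafe : " << renamePromptUnsafe(n)
                  << "  (tag openers: " << tagOpeners(renamePromptUnsafe(n)) << ")\n"
                  << "escaped: " << renamePromptEscaped(n)
                  << "  (tag openers: " << tagOpeners(renamePromptEscaped(n)) << ")\n";
    }
    return 0;
}
```

Where the widget only needs to show a name, forcing plain-text rendering (for a `QLabel`, `setTextFormat(Qt::PlainText)`) avoids building markup at all.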