Summary: | HTML injection | ||
---|---|---|---|
Product: | [Applications] dolphin | Reporter: | mrdestruct0r |
Component: | general | Assignee: | Dolphin Bug Assignee <dolphin-bugs-null> |
Status: | RESOLVED DUPLICATE | ||
Severity: | minor | CC: | emmanuelpescosta099, nb64367 |
Priority: | NOR | ||
Version: | 16.12.2 | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Attachments: | Some examples of the PoC; Examples of the PoC | ||

Created attachment 90139
Examples of the PoC

[I am a GCI student] Is this a feature request as I can't reproduce this behaviour you found? Or do you mean something else?

I can't reproduce this problem in Dolphin 4.14.3. Which version are you referring to?

The screenshot looks like it's Dolphin 2.0/KDE SC 4.8, which is extremely outdated. The bug was fixed almost two years ago. See also the duplicate bug 336729, which was reported half a year ago, and which contains a link to a page that shows exactly the same screenshots which are now attached here.

*** This bug has been marked as a duplicate of bug 312812 ***

dolphin --version
Qt: 4.8.2
KDE Development Platform: 4.8.4 (4.8.4)
Dolphin: 2.0

That's the version that my friend checked, and the vulnerability was found like 5 months ago. If you try to install KDE Desktop on Kali Linux you'll have the version affected.

(In reply to mrdestruct0r from comment #5)
> dolphin --version
> Qt: 4.8.2
> KDE Development Platform: 4.8.4 (4.8.4)
> Dolphin: 2.0
> That's the version that my friend checked, and the vulnerability was found
> like 5 months ago. If you try to install KDE Desktop on Kali Linux you'll
> have the version affected.

Then please talk to your distribution; shipping outdated versions makes them responsible to provide you with the fixes done upstream (by us).

Created attachment 90138
Some examples of the PoC

Hi there, this is D3MENT0R. Some time ago I found an HTML injection in Dolphin: if you change the name of a file and you inject, for example, an HTML tag like <hr> or <h1>, then when you try to change the name again you will see that the tag is executed, so this is an HTML injection.

Regards,
D3MENT0R
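
The class of bug reported above, a file name being interpreted as markup once it is placed into a rich-text string, together with the usual fix of escaping the name first, shown as an added C++ example. This is not Dolphin's code and not part of the original report; the prompt text and all function names are hypothetical, and the file names are constructed samples.

```cpp
#include <iostream>
#include <string>

// Escape the characters that are significant in HTML text and attribute
// values, so the file name is displayed literally.
std::string escapeHtml(const std::string &in)
{
    std::string out;
    for (char c : in) {
        switch (c) {
        case '&': out += "&amp;"; break;
        case '<': out += "&lt;"; break;
        case '>': out += "&gt;"; break;
        case '"': out += "&quot;"; break;
        default: out += c;
        }
    }
    return out;
}

// "Before": the file name is interpolated into rich-text markup unchanged.
// Hypothetical prompt text, not Dolphin's.
std::string renamePromptUnsafe(const std::string &fileName)
{
    return "<qt>Rename the item <b>" + fileName + "</b> to:</qt>";
}

// "After": the file name is escaped before it reaches the markup.
std::string renamePromptSafe(const std::string &fileName)
{
    return "<qt>Rename the item <b>" + escapeHtml(fileName) + "</b> to:</qt>";
}

// True if the given tag from the file name survives unescaped in the markup.
bool containsRawTag(const std::string &markup, const std::string &tag)
{
    return markup.find(tag) != std::string::npos;
}

int main()
{
    // Constructed sample file names using the tags named in the report.
    const std::string names[] = {"notes<hr>.txt", "<h1>big", "R&D \"final\".odt"};
    for (const std::string &n : names) {
        std::cout << "unsafe: " << renamePromptUnsafe(n) << "\n"
                  << "safe:   " << renamePromptSafe(n) << "\n";
    }
    return 0;
}
```

In a Qt application the same effect is obtained with `QString::toHtmlEscaped()` or by setting the label's text format to `Qt::PlainText`.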