Created attachment 90138
Some examples of the PoC

Hi there, this is D3MENT0R. Some time ago I found an HTML injection in Dolphin: if you change the name of a file and inject, for example, an HTML tag like <hr> or <h1>, then when you try to change the name again you will see that the tag is executed, so this is an HTML injection.

Regards,
D3MENT0R
Created attachment 90139
Examples of the PoC
[I am a GCI student] Is this a feature request as I can't reproduce this behaviour you found? Or do you mean something else?
I can't reproduce this problem in Dolphin 4.14.3. Which version are you referring to?
The screenshot looks like it's Dolphin 2.0/KDE SC 4.8, which is extremely outdated. The bug was fixed almost two years ago. See also the duplicate bug 336729, which was reported half a year ago, and which contains a link to a page that shows exactly the same screenshots which are now attached here.

*** This bug has been marked as a duplicate of bug 312812 ***
dolphin --version
Qt: 4.8.2
KDE Development Platform: 4.8.4 (4.8.4)
Dolphin: 2.0

That's the version that my friend checked, and the vulnerability was found like 5 months ago. If you try to install KDE Desktop on Kali Linux you'll have the version affected.
(In reply to mrdestruct0r from comment #5)
> dolphin --version
> Qt: 4.8.2
> KDE Development Platform: 4.8.4 (4.8.4)
> Dolphin: 2.0
>
> That's the version that my friend checked, and the vulnerability was found
> like 5 months ago. If you try to install KDE Desktop on Kali Linux you'll
> have the version affected.

Then please talk to your distribution; shipping outdated versions makes them responsible to provide you with the fixes done upstream (by us).