Configuration
CVE-2012-3413
Summary
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
- MEDIUM
- NETWORK
- NONE
- PARTIAL
- NONE
- NONE
CWE-16 - Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
References
Advisory Timeline
- Published