| Max CVSS | 7.5 | Min CVSS | 5.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-7968 | 7.5 |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
|
27-12-2016 - 18:50 | 23-12-2016 - 22:59 | |
| CVE-2016-7966 | 7.5 |
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which gre
|
27-12-2016 - 18:42 | 23-12-2016 - 22:59 | |
| CVE-2016-7967 | 5.8 |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
|
27-12-2016 - 18:42 | 23-12-2016 - 22:59 |