1. Home
  2. CVEs with refmap.mlist==[oss-security] 20180711 CVE-2018-10895: Remote code execution due to CSRF in qutebrowser
Max CVSS 6.8 Min CVSS 6.8 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2018-10895 6.8
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash
09-10-2019 - 23:33 12-07-2018 - 12:29
Back to Top Mark selected
Back to Top