icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Konqueror Cross-Domain Scripting

High

Synopsis

The remote host is vulnerable to a cross-site scripting (XSS) attack.

Description

The remote host is using a version of Konqueror, a web browser, which is prone to a security flaw wherein a malicious website can spoof a third party domain within frames. An attacker exploiting this flaw would get the local user to 'trust' a remote spoofed domain. For example, if the malicious website were to spoof a trusted domain, the user may enter confidential information into the spoofed frame.

Solution

Upgrade or patch according to vendor recommendations.