This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
A vulnerability was discovered in Konqueror's cross site scripting
protection, in that it fails to initialize the domains on
foreign subframe which is defined in the HTML source, which can be
used to steal cookies from the client and allow other cross-site
scripting attacks. This also affects other KDE software that uses the
KHTML rendering engine.
This is fixed in KDE 3.0.3a, and the KDE team provided a patch for KDE
2.2.2. This patch has been applied to the following packages.
After upgrading kdelibs, you must restart KDE in order for the fix to
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.5