Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:157)

Low Nessus Plugin ID 36567


The remote Mandrake Linux host is missing one or more security updates.


The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. Also affects kdelibs 3.5.6, as per KDE official advisory.

Updated packages have been patched to prevent this.


Update the affected packages.

Plugin Details

Severity: Low

ID: 36567

File Name: mandrake_MDKSA-2007-157.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/04/23

Modified: 2015/03/19

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.6

Temporal Score: 2.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:kdelibs-common, p-cpe:/a:mandriva:linux:kdelibs-devel-doc, p-cpe:/a:mandriva:linux:lib64kdecore4, p-cpe:/a:mandriva:linux:lib64kdecore4-devel, p-cpe:/a:mandriva:linux:libkdecore4, p-cpe:/a:mandriva:linux:libkdecore4-devel, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/08/10

Reference Information

CVE: CVE-2007-0537

BID: 22428

MDKSA: 2007:157

CWE: 79