CVE-2002-1151

Published Oct 11, 2002

Last updated 8 years ago

Overview

Description: The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D435E39F-4F70-481B-9225-B072B79BEB69"
          },
          {
            "criteria": "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AD68BAB-8945-4A22-938E-12C01D0111D0"
          },
          {
            "criteria": "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B3220BF-B0AF-4C90-89BD-B425EE58021D"
          },
          {
            "criteria": "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA53FB7A-AF7F-45B2-AF23-11B1FC4EC289"
          },
          {
            "criteria": "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "619EB7F6-8694-4344-A4C9-A35DA58391AB"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F531972-E0A7-4E7C-A899-3766CEAAE2EF"
          },
          {
            "criteria": "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CEED379-3111-4451-B782-8C66CE568A1C"
          },
          {
            "criteria": "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B146FCD3-F6E7-4412-94FD-F9E66089C227"
          },
          {
            "criteria": "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99CB51E4-0BFC-4C7C-B9EE-3DBCB0188D73"
          },
          {
            "criteria": "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C629F0C8-C765-4076-B426-80929F9CE285"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References