CVE-2016-7966

CVSS v3 Score: 7.3 (High)
CVSS v2 Score: 7.5 (High)

Vulnerability Description

A malicious URL containing a quote character made it possible to inject HTML code into KMail's plaintext viewer. Because of the parser used on the URL, the injected HTML could not include the equal sign (=) or a space, which greatly reduces the available HTML functionality, although it is still possible to include an HTML comment indicator to hide content.

CVSS: 7.3 (High)

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

CWE-94, 2005
CVSS: 7.3 (High)

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attack...

CWE-94, 2019
CVSS: 7.3 (High)

Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

CWE-94, 2022
CVSS: 7.3 (High)

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged ...

CWE-94, 2022
CVSS: 7.3 (High)

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are const...

CWE-94, 2022
CVSS: 7.3 (High)

Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.

CWE-94, 2023