VDB
CVE-2002-1151
CVE-2002-1151
PUBLISHED
CVSS 7.5 HIGH
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
EPSS 3.22% · 87.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
3.22%
87.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| kde | kde | 2.2.2, 3.0, 3.0.2 |
| kde | konqueror | 2.2.2, 3.0.1, 3.0.3 |
Exploit Intelligence
- RHSA-2002:220 (circl)
- http://www.kde.org/info/security/advisory-20020908-2.txt (circl)
- ie-sameoriginpolicy-bypass(10039) (circl)
- MDKSA-2002:064 (circl)
- DSA-167 (circl)
- RHSA-2002:221 (circl)
- CLA-2002:525 (circl)
- 5689 (circl)
- 7867 (circl)
- CSSA-2002-047.0 (circl)
…and 1 more exploits
Timeline
- Oct 11, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- RHSA-2002:220 vendor-advisory
- http://www.kde.org/info/security/advisory-20020908-2.txt url
- ie-sameoriginpolicy-bypass(10039) vdb
- MDKSA-2002:064 vendor-advisory
- DSA-167 vendor-advisory
- RHSA-2002:221 vendor-advisory
- CLA-2002:525 vendor-advisory
- 5689 vdb
- 7867 vdb
- CSSA-2002-047.0 vendor-advisory
- 20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2002-1151 advisory