Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
qutebrowser 跨站脚本漏洞
Vulnerability Description
qutebrowser是一款具有图形界面的键盘式开源浏览器。 qutebrowser 0.11.0(1179ee7a937fb31414d77d9970bac21095358449)版本中的qute://history页面的history command存在跨站脚本漏洞。远程攻击者可借助带有特制<title>属性的页面及qute://history网站利用该漏洞注入JavaScript代码,窃取用户浏览记录。
CVSS Information
N/A
Vulnerability Type
N/A