KDE Konqueror 3.2.2-1 is susceptible to cross site scripting flaws.
e5b76811b57ff0415f7cefe4c0eba39cbed052df6432eb4dcac363b86a7d4310
Package: Konqueror
Version: 3.2.2-1 (sarge)
Severity: Important
In contrast to other browsers like firefox, Konqueror allows JavaScript to
access other frames in a frameset, loaded with from different (sub)domain. By
that enclosed / secret data can be read through a hidden frameset.
See http://groenndemon.de/bla for demonstration.
(I'd like also to thank the webmaster for motivating me to explore that issue
and setting a wegpage up for demonstration)
(Translation: Action Ă„ndern -> Change action
Passwort klauen -> steel password
Abschicken -> submit)
Please verify this issue on other versions - 3.1.4 seems to be affected as
well.
Keep smiling
yanosz