CVE-2021-41146
- EPSS 0.89%
- Published 21.10.2021 18:15:10
- Last modified 21.11.2024 06:25:35
qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qute...
CVE-2020-11054
- EPSS 0.65%
- Published 07.05.2020 21:15:11
- Last modified 21.11.2024 04:56:41
In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affec...
CVE-2018-10895
- EPSS 0.18%
- Published 12.07.2018 12:29:00
- Last modified 21.11.2024 03:42:14
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash...
CVE-2018-1000559
- EPSS 0.5%
- Published 26.06.2018 16:29:02
- Last modified 21.11.2024 03:40:11
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the ...