CVE-2016-7966

Name of the Vulnerable Software and Affected Versions KMail (affected versions not specified)

Description The issue allows for HTML code injection in KMail's plaintext viewer through a malicious URL containing a quote character. However, the parser used on the URL limits the injected HTML functionality by not allowing the inclusion of the equal sign (=) or a space. It is possible to include an HTML comment indicator to hide content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.