
Benjamin Brandtner

#43647 of 53,635
6.1 total CVSS
Vulnerabilities · 1
PT-2018-9454
6.1
2018-06-26
Qutebrowser · Qutebrowser · CVE-2018-1000559
**Name of the Vulnerable Software and Affected Versions**

qutebrowser versions 0.11.0 through 1.3.2

**Description**

The issue is related to a Cross Site Scripting (XSS) vulnerability in the history command and the qute://history page. This vulnerability can be exploited when a victim opens a page with a specially crafted `title` attribute and then opens the qute://history site via the :history command, allowing a website to steal the user's browsing history through injected JavaScript code.

**Recommendations**

For versions 0.11.0 through 1.3.2, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the :history command and the qute://history page until the update is applied.