
Darron Burton

#51641 of 53,635
4.3 Total CVSS
Vulnerabilities · 1
PT-2014-8645
4.3
2014-11-20
Kde · Kio-Extras · CVE-2014-8600
**Name of the Vulnerable Software and Affected Versions**

- KDE-Runtime versions 4.14.3 and earlier
- kwebkitpart versions 1.3.4 and earlier
- kio-extras versions 5.1.1 and earlier

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML via a crafted URI using various schemes, which is not properly handled in an error message. The affected schemes include `zip`, `trash`, `tar`, `thumbnail`, `smtps`, `smtp`, `smb`, `remote`, `recentdocuments`, `nntps`, `nntp`, `network`, `mbox`, `ldaps`, `ldap`, `fonts`, `file`, `desktop`, `cgi`, `bookmarks`, or `ar`.

**Recommendations**

- For KDE-Runtime versions 4.14.3 and earlier, consider disabling the handling of crafted URIs using the affected schemes until a patch is available.
- For kwebkitpart versions 1.3.4 and earlier, restrict access to the vulnerable components to minimize the risk of exploitation.
- For kio-extras versions 5.1.1 and earlier, avoid using the affected schemes in error messages until the issue is resolved.