KDE · KMail · CVE-2016-7966
**Name of the Vulnerable Software and Affected Versions**
KMail (affected versions not specified)
**Description**
The issue allows HTML code injection in KMail's plaintext viewer through a malicious URL containing a quote character. The parser used on the URL limits what the injected HTML can do, because it does not allow the inclusion of an equal sign (=) or a space. An HTML comment indicator can still be included to hide content.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.