CVE-2013-1436

Name of the Vulnerable Software and Affected Versions xmonad-contrib versions prior to 0.11.2

Description The issue allows remote attackers to execute arbitrary commands via a web page title. This can be achieved when the user clicks on the xmobar window title, as demonstrated using an action tag. The XMonad.Hooks.DynamicLog module in xmonad-contrib is affected, potentially leading to disruption of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 0.11.2, update to version 0.11.2 or later to resolve the issue. As a temporary workaround, consider disabling the XMonad.Hooks.DynamicLog module until a patch is available. Restrict access to the xmobar window title to minimize the risk of exploitation.