UBUNTU-CVE-2016-7966
- Source
- https://ubuntu.com/security/CVE-2016-7966
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-7966.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-7966
- Upstream
- Related
- Published
- 2016-10-05T00:00:00Z
- Modified
- 2025-09-08T16:43:53Z
- Severity
-
- 7.3 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
- References
Affected packages
Ubuntu:14.04:LTS / kdepimlibs
Package
- Name
- kdepimlibs
- Purl
- pkg:deb/ubuntu/kdepimlibs@4:4.13.3-0ubuntu0.4?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4:4.13.3-0ubuntu0.4
Affected versions
4:4.*
4:4.11.2-0ubuntu1
4:4.11.2-0ubuntu2
4:4.11.80-0ubuntu1
4:4.11.95-0ubuntu1
4:4.11.97-0ubuntu1
4:4.12.0-0ubuntu1
4:4.12.1-0ubuntu1
4:4.12.2-0ubuntu1
4:4.12.2-0ubuntu2
4:4.12.3-0ubuntu1
4:4.12.90-0ubuntu2
4:4.12.95-0ubuntu1
4:4.12.97-0ubuntu1
4:4.13.0-0ubuntu1
4:4.13.1-0ubuntu0.1
4:4.13.2-0ubuntu0.1
4:4.13.3-0ubuntu0.1
4:4.13.3-0ubuntu0.2
4:4.13.3-0ubuntu0.3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "kdepimlibs-kio-plugins",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "kdepimlibs5-dev",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-calendar4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-contact4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-kabc4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-kcal4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-kde4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-kmime4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-notes4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-socialutils4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libakonadi-xml4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libgpgme++2",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkabc4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkalarmcal2",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkblog4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkcal4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkcalcore4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkcalutils4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkholidays4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkimap4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkldap4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkmbox4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkmime4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkontactinterface4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkpimidentities4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkpimtextedit4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkpimutils4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkresources4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libktnef4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libkxmlrpcclient4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libmailtransport4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libmicroblog4",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libqgpgme1",
"binary_version": "4:4.13.3-0ubuntu0.4"
},
{
"binary_name": "libsyndication4",
"binary_version": "4:4.13.3-0ubuntu0.4"
}
]
}
Ubuntu:16.04:LTS / kcoreaddons
Package
- Name
- kcoreaddons
- Purl
- pkg:deb/ubuntu/kcoreaddons@5.18.0-0ubuntu1.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.18.0-0ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libkf5coreaddons-bin-dev",
"binary_version": "5.18.0-0ubuntu1.1"
},
{
"binary_name": "libkf5coreaddons-data",
"binary_version": "5.18.0-0ubuntu1.1"
},
{
"binary_name": "libkf5coreaddons-dev",
"binary_version": "5.18.0-0ubuntu1.1"
},
{
"binary_name": "libkf5coreaddons5",
"binary_version": "5.18.0-0ubuntu1.1"
}
]
}