CVE-2018-1000559 Vulnerability Details
/
/
/
CVE-2018-1000559 Metadata Quick Info
CVE Published: 26/06/2018 |
CVE Updated: 05/08/2024 |
CVE Year: 2018
Source: mitre |
Vendor: n/a |
Product: n/a
Status : PUBLISHED
CVE-2018-1000559 Description
qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user\'s browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted
attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week). <br /><br />
<h2>Metrics</h2>
<span style = "font-size:14px;" >CVSS Version: 3.1</span> |
<span style = "font-size:14px;" >Base Score: n/a </span><br />
<span style = "font-size:14px;" >Vector: n/a</span> <br /><br />
<span style = "font-size:14px;" ><strong>l➤ Exploitability Metrics:</strong><br />
<span style = "font-size:14px;" > Attack Vector (AV)* </span> <br />
<span style = "font-size:14px;" > Attack Complexity (AC)* </span> <br />
<span style = "font-size:14px;" > Privileges Required (PR)* </span> <br />
<span style = "font-size:14px;" > User Interaction (UI)* </span> <br />
<span style = "font-size:14px;" > Scope (S)* </span> <br /><br />
<span style = "font-size:14px;" ><strong>l➤ Impact Metrics:</strong><br />
<span style = "font-size:14px;" > Confidentiality Impact (C)* </span> <br />
<span style = "font-size:14px;" > Integrity Impact (I)* </span> <br />
<span style = "font-size:14px;" > Availability Impact (A)* </span> <br /><br />
<h2>Weakness Enumeration (CWE)</h2>
<span style = "font-size:14px;" >CWE-ID: </span> <br />
<span style = "font-size:14px;" >CWE Name: n/a</span> <br />
<span style = "font-size:14px;" >Source: n/a</span> <br /><br />
<h2>Common Attack Pattern Enumeration and Classification (CAPEC)</h2>
<span style = "font-size:14px;" >CAPEC-ID: </span> <br />
<span style = "font-size:14px;" >CAPEC Description: </span> <br /><br /><br />
<span style = "font-size:12px;">
Source: NVD (National Vulnerability Database).
</span>
</p>
</div>
</div>
</section>
<section class="defend">
<div class="inner-section">
<div class="gridx2">
<div class="grid-text">
<caption>
<!-- <h2></h2> <br /> -->
</caption>
<table class="report-table">
<caption>
Last added CVEs
</caption>
<tr>
<td>
<a href = "">
<svg xmlns="http://www.w3.org/2000/svg" width="25" height="25" fill="currentColor" class="bi bi-bug" viewBox="0 0 16 16">
<path d="M4.355.522a.5.5 0 0 1 .623.333l.291.956A5 5 0 0 1 8 1c1.007 0 1.946.298 2.731.811l.29-.956a.5.5 0 1 1 .957.29l-.41 1.352A5 5 0 0 1 13 6h.5a.5.5 0 0 0 .5-.5V5a.5.5 0 0 1 1 0v.5A1.5 1.5 0 0 1 13.5 7H13v1h1.5a.5.5 0 0 1 0 1H13v1h.5a1.5 1.5 0 0 1 1.5 1.5v.5a.5.5 0 1 1-1 0v-.5a.5.5 0 0 0-.5-.5H13a5 5 0 0 1-10 0h-.5a.5.5 0 0 0-.5.5v.5a.5.5 0 1 1-1 0v-.5A1.5 1.5 0 0 1 2.5 10H3V9H1.5a.5.5 0 0 1 0-1H3V7h-.5A1.5 1.5 0 0 1 1 5.5V5a.5.5 0 0 1 1 0v.5a.5.5 0 0 0 .5.5H3c0-1.364.547-2.601 1.432-3.503l-.41-1.352a.5.5 0 0 1 .333-.623M4 7v4a4 4 0 0 0 3.5 3.97V7zm4.5 0v7.97A4 4 0 0 0 12 11V7zM12 6a4 4 0 0 0-1.334-2.982A3.98 3.98 0 0 0 8 2a3.98 3.98 0 0 0-2.667 1.018A4 4 0 0 0 4 6z"/>
</svg><br />
▸ CVE-2024-9999 ◂<br />
Discovered: 12/11/2024<br />
Status: PUBLISHED </a>
</td>
<td>
<a href = "">
<svg xmlns="http://www.w3.org/2000/svg" width="25" height="25" fill="currentColor" class="bi bi-bug" viewBox="0 0 16 16">
<path d="M4.355.522a.5.5 0 0 1 .623.333l.291.956A5 5 0 0 1 8 1c1.007 0 1.946.298 2.731.811l.29-.956a.5.5 0 1 1 .957.29l-.41 1.352A5 5 0 0 1 13 6h.5a.5.5 0 0 0 .5-.5V5a.5.5 0 0 1 1 0v.5A1.5 1.5 0 0 1 13.5 7H13v1h1.5a.5.5 0 0 1 0 1H13v1h.5a1.5 1.5 0 0 1 1.5 1.5v.5a.5.5 0 1 1-1 0v-.5a.5.5 0 0 0-.5-.5H13a5 5 0 0 1-10 0h-.5a.5.5 0 0 0-.5.5v.5a.5.5 0 1 1-1 0v-.5A1.5 1.5 0 0 1 2.5 10H3V9H1.5a.5.5 0 0 1 0-1H3V7h-.5A1.5 1.5 0 0 1 1 5.5V5a.5.5 0 0 1 1 0v.5a.5.5 0 0 0 .5.5H3c0-1.364.547-2.601 1.432-3.503l-.41-1.352a.5.5 0 0 1 .333-.623M4 7v4a4 4 0 0 0 3.5 3.97V7zm4.5 0v7.97A4 4 0 0 0 12 11V7zM12 6a4 4 0 0 0-1.334-2.982A3.98 3.98 0 0 0 8 2a3.98 3.98 0 0 0-2.667 1.018A4 4 0 0 0 4 6z"/>
</svg><br />
▸ CVE-2024-9997 ◂<br />
Discovered: 29/10/2024<br />
Status: PUBLISHED </a>
</td>
<td>
<a href = "">
<svg xmlns="http://www.w3.org/2000/svg" width="25" height="25" fill="currentColor" class="bi bi-bug" viewBox="0 0 16 16">
<path d="M4.355.522a.5.5 0 0 1 .623.333l.291.956A5 5 0 0 1 8 1c1.007 0 1.946.298 2.731.811l.29-.956a.5.5 0 1 1 .957.29l-.41 1.352A5 5 0 0 1 13 6h.5a.5.5 0 0 0 .5-.5V5a.5.5 0 0 1 1 0v.5A1.5 1.5 0 0 1 13.5 7H13v1h1.5a.5.5 0 0 1 0 1H13v1h.5a1.5 1.5 0 0 1 1.5 1.5v.5a.5.5 0 1 1-1 0v-.5a.5.5 0 0 0-.5-.5H13a5 5 0 0 1-10 0h-.5a.5.5 0 0 0-.5.5v.5a.5.5 0 1 1-1 0v-.5A1.5 1.5 0 0 1 2.5 10H3V9H1.5a.5.5 0 0 1 0-1H3V7h-.5A1.5 1.5 0 0 1 1 5.5V5a.5.5 0 0 1 1 0v.5a.5.5 0 0 0 .5.5H3c0-1.364.547-2.601 1.432-3.503l-.41-1.352a.5.5 0 0 1 .333-.623M4 7v4a4 4 0 0 0 3.5 3.97V7zm4.5 0v7.97A4 4 0 0 0 12 11V7zM12 6a4 4 0 0 0-1.334-2.982A3.98 3.98 0 0 0 8 2a3.98 3.98 0 0 0-2.667 1.018A4 4 0 0 0 4 6z"/>
</svg><br />
▸ CVE-2024-9996 ◂<br />
Discovered: 29/10/2024<br />
Status: PUBLISHED </a>
</td>
</tr>
</table>
<caption>
<br /><br /><br />
<p class="vuln-info">
<strong>Tags:</strong><br />
CVE-2018-1000559 Vulnerability Details
</p>
</caption>
<br />
</div>
</div>
</div>
</section>
<footer>
<div class="footer-logo">
<svg xmlns="http://www.w3.org/2000/svg" width="58" height="58" fill="#f18a3b" class="bi bi-cloud-download" viewBox="0 0 16 16">
<path d="M4.406 1.342A5.53 5.53 0 0 1 8 0c2.69 0 4.923 2 5.166 4.579C14.758 4.804 16 6.137 16 7.773 16 9.569 14.502 11 12.687 11H10a.5.5 0 0 1 0-1h2.688C13.979 10 15 8.988 15 7.773c0-1.216-1.02-2.228-2.313-2.228h-.5v-.5C12.188 2.825 10.328 1 8 1a4.53 4.53 0 0 0-2.941 1.1c-.757.652-1.153 1.438-1.153 2.055v.448l-.445.049C2.064 4.805 1 5.952 1 7.318 1 8.785 2.23 10 3.781 10H6a.5.5 0 0 1 0 1H3.781C1.708 11 0 9.366 0 7.318c0-1.763 1.266-3.223 2.942-3.593.143-.863.698-1.723 1.464-2.383"/>
<path d="M7.646 15.854a.5.5 0 0 0 .708 0l3-3a.5.5 0 0 0-.708-.708L8.5 14.293V5.5a.5.5 0 0 0-1 0v8.793l-2.146-2.147a.5.5 0 0 0-.708.708z"/>
</svg>
<span style = "font-size: 22px; color: #fff; padding: 0 10px;">
Free Software Downloads, News and Reviews
</span>
</div>
<div class="footer-inner">
<div class="footer-column">
<strong>Info</strong>
<ul>
</ul>
</div>
<div class="footer-column">
<strong>Legal</strong>
<ul>
<li><a title = "GDPR" href="#">GDPR</a></li>
<li><a title = "Contact" href="https://freedownloadsnow.com/contact">Contact</a></li>
<li><a title = "ToS" href="#">ToS</a></li>
<li><a title = "Sitemap" href="https://freedownloadsnow.com/sitemap">Sitemap</a></li>
</ul>
</div>
<div class="footer-column">
<strong>Partners</strong>
<ul>
<li>
<a target="_blank" title = "Curs Cybersecurity" href="https://www.curs-cybersecurity.ro/">
<svg xmlns="http://www.w3.org/2000/svg" width="15" height="15" fill="currentColor" class="bi bi-shield-fill-check" viewBox="0 0 16 16">
<path fill-rule="evenodd" d="M8 0c-.69 0-1.843.265-2.928.56-1.11.3-2.229.655-2.887.87a1.54 1.54 0 0 0-1.044 1.262c-.596 4.477.787 7.795 2.465 9.99a11.8 11.8 0 0 0 2.517 2.453c.386.273.744.482 1.048.625.28.132.581.24.829.24s.548-.108.829-.24a7 7 0 0 0 1.048-.625 11.8 11.8 0 0 0 2.517-2.453c1.678-2.195 3.061-5.513 2.465-9.99a1.54 1.54 0 0 0-1.044-1.263 63 63 0 0 0-2.887-.87C9.843.266 8.69 0 8 0m2.146 5.146a.5.5 0 0 1 .708.708l-3 3a.5.5 0 0 1-.708 0l-1.5-1.5a.5.5 0 1 1 .708-.708L7.5 7.793z"></path>
</svg> Curs-cybersecurity.ro
</a>
</li>
</ul>
</div>
<div class="footer-column">
<strong>Last News</strong>
<ul>
<li>
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-calendar" viewBox="0 0 16 16">
<path d="M3.5 0a.5.5 0 0 1 .5.5V1h8V.5a.5.5 0 0 1 1 0V1h1a2 2 0 0 1 2 2v11a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2V3a2 2 0 0 1 2-2h1V.5a.5.5 0 0 1 .5-.5M1 4v10a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V4z"/>
</svg>
01/07/2025 <a title = "ArcSight prepares for future at user conference post HP acquisition" href ="https://freedownloadsnow.com/news/news-ArcSight-prepares-for-future-at-user-conference-post-HP-acquisition-id29445">
ArcSight prepares for ...
</a><br>
<li>
</ul>
<ul>
<li>
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-calendar" viewBox="0 0 16 16">
<path d="M3.5 0a.5.5 0 0 1 .5.5V1h8V.5a.5.5 0 0 1 1 0V1h1a2 2 0 0 1 2 2v11a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2V3a2 2 0 0 1 2-2h1V.5a.5.5 0 0 1 .5-.5M1 4v10a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V4z"/>
</svg>
01/07/2025 <a title = "Samsung Epic 4G: First To Use Media Hub" href ="https://freedownloadsnow.com/news/news-Samsung-Epic-4G:-First-To-Use-Media-Hub-id29444">
Samsung Epic 4G: ...
</a><br>
<li>
</ul>
<ul>
<li>
<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-calendar" viewBox="0 0 16 16">
<path d="M3.5 0a.5.5 0 0 1 .5.5V1h8V.5a.5.5 0 0 1 1 0V1h1a2 2 0 0 1 2 2v11a2 2 0 0 1-2 2H2a2 2 0 0 1-2-2V3a2 2 0 0 1 2-2h1V.5a.5.5 0 0 1 .5-.5M1 4v10a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V4z"/>
</svg>
01/07/2025 <a title = "Many third-party software fails security tests" href ="https://freedownloadsnow.com/news/news-Many-third-party-software-fails-security-tests-id29443">
Many third-party software ...
</a><br>
<li>
</ul>
</div>
</div>
<div>
<div class="footer-social">
<a class="facebook" href="#">facebook</a>
<a class="twitter" href="#">twitter</a>
<a class="youtube" href="#">youtube</a>
<a class="linkedin" href="#">linkedin</a>
</div>
<p class="copyright"><span>Copyright © 2025 Free Downloads Now</span></p>
</div>
</footer>
</body>
</html>