VYPR
Unrated severityNVD Advisory· Published Dec 8, 2014· Updated Jun 17, 2026

CVE-2014-8600

CVE-2014-8600

Description

Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • KDE/Kde Runtime2 versions
    cpe:2.3:a:kde:kde-runtime:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:kde:kde-runtime:*:*:*:*:*:*:*:*range: <=4.14.2
    • (no CPE)range: <=4.14.3
  • KDE/Kio Extras2 versions
    cpe:2.3:a:kde:kio-extras:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:kde:kio-extras:*:*:*:*:*:*:*:*range: <=5.1.1
    • (no CPE)range: <=5.1.1
  • cpe:2.3:a:urs_wolfer:kwebkitpart:*:*:*:*:*:*:*:*
    Range: <=1.3.3
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • KDE/kwebkitpartllm-create
    Range: <=1.3.4

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.