CVE-2011-1168

Exp

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

Published: 2011-04-18 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2011-1168 is rated High Exploit Risk (62.8/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.67%). 3 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.27% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2011-1168

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2011-1168

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.41% 2.67% +1.27%
2 2025-12-14 1.51% 1.41% -0.11%
3 2025-03-30 1.51%

Full EPSS history (16 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2011-1168

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2011-1168

OS Trackers for CVE-2011-1168

vendor priority summary link
redhat medium https://access.redhat.com/security/cve/CVE-2011-1168
ubuntu medium CVE-2011-1168 medium priority: Ubuntu including 1 source packages (kde4libs), 6 status rows across 6 suites (dapper, hardy, karmic, lucid, maverick, upstream): released 4, DNE 1, ignored 1. https://ubuntu.com/security/CVE-2011-1168

Affected software / configurations for CVE-2011-1168

Vendor Product Version Raw CPE
kde kde_sc 4.4.0 cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*
kde kde_sc 4.4.0 cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*
kde kde_sc 4.4.0 cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*
kde kde_sc 4.4.0 cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*
kde kde_sc 4.4.0 cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*
kde kde_sc 4.4.0 cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*
kde kde_sc 4.4.1 cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*
kde kde_sc 4.4.2 cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*
kde kde_sc 4.4.3 cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*
kde kde_sc 4.4.4 cpe:2.3:a:kde:kde_sc:4.4.4:*:*:*:*:*:*:*
kde kde_sc 4.4.5 cpe:2.3:a:kde:kde_sc:4.4.5:*:*:*:*:*:*:*
kde kde_sc 4.5.0 cpe:2.3:a:kde:kde_sc:4.5.0:*:*:*:*:*:*:*
kde kde_sc 4.5.1 cpe:2.3:a:kde:kde_sc:4.5.1:*:*:*:*:*:*:*
kde kde_sc 4.5.2 cpe:2.3:a:kde:kde_sc:4.5.2:*:*:*:*:*:*:*
kde kde_sc 4.5.3 cpe:2.3:a:kde:kde_sc:4.5.3:*:*:*:*:*:*:*
kde kde_sc 4.5.4 cpe:2.3:a:kde:kde_sc:4.5.4:*:*:*:*:*:*:*
kde kde_sc 4.5.5 cpe:2.3:a:kde:kde_sc:4.5.5:*:*:*:*:*:*:*
kde kde_sc 4.6 cpe:2.3:a:kde:kde_sc:4.6:beta1:*:*:*:*:*:*
kde kde_sc 4.6 cpe:2.3:a:kde:kde_sc:4.6:beta2:*:*:*:*:*:*
kde kde_sc 4.6 cpe:2.3:a:kde:kde_sc:4.6:rc1:*:*:*:*:*:*
kde kde_sc 4.6 cpe:2.3:a:kde:kde_sc:4.6:rc2:*:*:*:*:*:*
kde kde_sc 4.6.0 cpe:2.3:a:kde:kde_sc:4.6.0:*:*:*:*:*:*:*
kde kde_sc 4.6.1 cpe:2.3:a:kde:kde_sc:4.6.1:*:*:*:*:*:*:*

References for CVE-2011-1168

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://secunia.com/advisories/44065 Vendor Advisory
http://secunia.com/advisories/44108 Vendor Advisory
http://securityreason.com/securityalert/8208
http://securitytracker.com/id?1025322
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.329727
http://www.kde.org/info/security/advisory-20110411-1.txt Exploit Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:075
http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc Exploit
http://www.securityfocus.com/archive/1/517432/100/0/threaded
http://www.securityfocus.com/archive/1/517433/100/0/threaded
http://www.securityfocus.com/bid/47304
http://www.ubuntu.com/usn/USN-1110-1
http://www.vupen.com/english/advisories/2011/0927 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0928 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0990 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=695398 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/66697
cvelogic Threat Intelligence