MidnightBSD

Advisories for xmonad

CVE-2013-1436 HIGH

The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
xmonad xmonad-contrab *
xmonad xmonad-contrab 0.11