{"id":"CVE-2017-6503","details":"WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.","modified":"2026-07-08T16:53:16.983374Z","published":"2017-03-06T02:59:00.743Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/96758"},{"type":"FIX","url":"https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16"},{"type":"FIX","url":"https://www.qbittorrent.org/news.php"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qbittorrent/qbittorrent","events":[{"introduced":"0"},{"last_affected":"4eac2cab318c544c7e3121b3997ab94aca567728"},{"fixed":"6ca3e4f094da0a0017cb2d483ec1db6176bb0b16"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"0"},{"last_affected":"3.3.10"}],"cpe":"cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*"}}],"versions":["release-3.3.10","release-3.3.9","release-3.3.8","release-3.3.7","release-3.3.6","release-3.3.5","release-3.3.4","release-3.3.3","release-3.3.2","release-3.3.1","release-3.3.0","release-3.0.0","release-2.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6503.json","vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"CVE-2017-6503-35faa0dd","signature_type":"Line","target":{"file":"src/gui/properties/propertieswidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","digest":{"line_hashes":["48618559910933315555550741766578909898","94898622498664913251430441506174751952","44797966479474966525961246575245035638","185880968211157888779939959372448423929","189258922099877177576852192982082302879","338895098852573818719662445618442206720"],"threshold":0.9}},{"deprecated":false,"signature_version":"v1","id":"CVE-2017-6503-3899d4a5","signature_type":"Line","target":{"file":"src/base/logger.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","digest":{"line_hashes":["233509018470064228684480277402438007569","151908066262400473475164498328073111074","329480381762994020184551686961880477196","20852449753772302925817548026169583900","164246782185912083661161636700000005324","271242193035481665560631187940250235744","116482884772017208197721294700350050815","177343659139233130544608066437550441382","6601692464133387446339649614947449168","275479931589891395744160830164021905320"],"threshold":0.9}},{"deprecated":false,"signature_version":"v1","id":"CVE-2017-6503-46295d3a","signature_type":"Line","target":{"file":"src/gui/deletionconfirmationdlg.h"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","digest":{"line_hashes":["291188985003732846589226656869466976303","262175729038848040008897503785860692314","27505096191420964322354555897610999152","326504563255106739596459208376493163543","7268769816573936996848287650462271144","53719890752976671106449660320672056445","173633353691720488412276884106506626167","75648770658042306568940301710549399611","147463194285757156949629400039930711014"],"threshold":0.9}},{"deprecated":false,"signature_version":"v1","id":"CVE-2017-6503-8ab3d750","signature_type":"Function","target":{"function":"Logger::addMessage","file":"src/base/logger.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","digest":{"function_hash":"92775857306700432190514671989575937620","length":320}},{"deprecated":false,"signature_version":"v1","id":"CVE-2017-6503-ae85b39a","signature_type":"Function","target":{"function":"Logger::addPeer","file":"src/base/logger.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","digest":{"function_hash":"114865918741609473804531006061921442790","length":331}},{"deprecated":false,"signature_version":"v1","id":"CVE-2017-6503-bf47a9bd","signature_type":"Line","target":{"file":"src/base/utils/string.h"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","digest":{"line_hashes":["12876673985119035764107724111325859294","30213864603390198813579797111603333697","115431095429169769413068563272854879796"],"threshold":0.9}},{"deprecated":false,"signature_version":"v1","id":"CVE-2017-6503-d8c75026","signature_type":"Line","target":{"file":"src/gui/properties/peerlistwidget.cpp"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","digest":{"line_hashes":["150382242333414115021801530059710814284","11803751291287832047309035772968133212","288313758785127689150132838477547543440","76632614504937806188288078716716235187","317603350759272619625809304940772004733","11803751291287832047309035772968133212","288313758785127689150132838477547543440","76632614504937806188288078716716235187"],"threshold":0.9}}],"vanir_signatures_modified":"2026-07-08T16:53:16Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}