{"id":"CVE-2017-6503","details":"WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.","modified":"2026-04-11T04:59:47.572592Z","published":"2017-03-06T02:59:00.743Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/96758"},{"type":"FIX","url":"https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16"},{"type":"FIX","url":"https://www.qbittorrent.org/news.php"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/qbittorrent/qbittorrent","events":[{"introduced":"0"},{"last_affected":"4eac2cab318c544c7e3121b3997ab94aca567728"},{"fixed":"6ca3e4f094da0a0017cb2d483ec1db6176bb0b16"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.10"}]}}],"versions":["release-2.9.0","release-3.0.0","release-3.3.0","release-3.3.1","release-3.3.10","release-3.3.2","release-3.3.3","release-3.3.4","release-3.3.5","release-3.3.6","release-3.3.7","release-3.3.8","release-3.3.9"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["48618559910933315555550741766578909898","94898622498664913251430441506174751952","44797966479474966525961246575245035638","185880968211157888779939959372448423929","189258922099877177576852192982082302879","338895098852573818719662445618442206720"]},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","id":"CVE-2017-6503-35faa0dd","signature_type":"Line","signature_version":"v1","target":{"file":"src/gui/properties/propertieswidget.cpp"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["233509018470064228684480277402438007569","151908066262400473475164498328073111074","329480381762994020184551686961880477196","20852449753772302925817548026169583900","164246782185912083661161636700000005324","271242193035481665560631187940250235744","116482884772017208197721294700350050815","177343659139233130544608066437550441382","6601692464133387446339649614947449168","275479931589891395744160830164021905320"]},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","id":"CVE-2017-6503-3899d4a5","signature_type":"Line","signature_version":"v1","target":{"file":"src/base/logger.cpp"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["291188985003732846589226656869466976303","262175729038848040008897503785860692314","27505096191420964322354555897610999152","326504563255106739596459208376493163543","7268769816573936996848287650462271144","53719890752976671106449660320672056445","173633353691720488412276884106506626167","75648770658042306568940301710549399611","147463194285757156949629400039930711014"]},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","id":"CVE-2017-6503-46295d3a","signature_type":"Line","signature_version":"v1","target":{"file":"src/gui/deletionconfirmationdlg.h"},"deprecated":false},{"digest":{"length":320,"function_hash":"92775857306700432190514671989575937620"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","id":"CVE-2017-6503-8ab3d750","signature_type":"Function","signature_version":"v1","target":{"file":"src/base/logger.cpp","function":"Logger::addMessage"},"deprecated":false},{"digest":{"length":331,"function_hash":"114865918741609473804531006061921442790"},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","id":"CVE-2017-6503-ae85b39a","signature_type":"Function","signature_version":"v1","target":{"file":"src/base/logger.cpp","function":"Logger::addPeer"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["12876673985119035764107724111325859294","30213864603390198813579797111603333697","115431095429169769413068563272854879796"]},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","id":"CVE-2017-6503-bf47a9bd","signature_type":"Line","signature_version":"v1","target":{"file":"src/base/utils/string.h"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["150382242333414115021801530059710814284","11803751291287832047309035772968133212","288313758785127689150132838477547543440","76632614504937806188288078716716235187","317603350759272619625809304940772004733","11803751291287832047309035772968133212","288313758785127689150132838477547543440","76632614504937806188288078716716235187"]},"source":"https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","id":"CVE-2017-6503-d8c75026","signature_type":"Line","signature_version":"v1","target":{"file":"src/gui/properties/peerlistwidget.cpp"},"deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6503.json","vanir_signatures_modified":"2026-04-11T04:59:47Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}