Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4696

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4696
Last Modified 07 Mar 2011 10:12:54
Published 23 Oct 2008 06:00:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4696

Summary

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).

Vulnerable Systems

Application

  • Opera

  • Opera 5..10

  • Opera 5.0

  • Opera 5.1

  • Opera 5.11

  • Opera 5.12

  • Opera 5.2

  • Opera 5.3

  • Opera 5.4

  • Opera 5.5

  • Opera 5.6

  • Opera 5.7

  • Opera 5.8

  • Opera 5.9

  • Opera 6

  • Opera 6.0

  • Opera 6.01

  • Opera 6.02

  • Opera 6.03

  • Opera 6.04

  • Opera 6.05

  • Opera 6.06

  • Opera 7

  • Opera 7.0

  • Opera 7.01

  • Opera 7.02

  • Opera 7.03

  • Opera 7.10

  • Opera 7.11

  • Opera 7.20

  • Opera 7.21

  • Opera 7.22

  • Opera 7.23

  • Opera 7.50

  • Opera 7.51

  • Opera 7.52

  • Opera 7.53

  • Opera 7.54

  • Opera 8.0

  • Opera 8.01

  • Opera 8.02

  • Opera 8.50

  • Opera 8.51

  • Opera 8.52

  • Opera 8.53

  • Opera 8.54

  • Opera 9.0

  • Opera 9.01

  • Opera 9.02

  • Opera 9.10

  • Opera 9.20

  • Opera 9.21

  • Opera 9.22

  • Opera 9.23

  • Opera 9.24

  • Opera 9.25

  • Opera 9.26

  • Opera 9.27

  • Opera 9.50

  • Opera 9.51

  • Opera 9.6


References

BID - 31869

CONFIRM - http://www.opera.com/docs/changelogs/mac/961/

CONFIRM - http://www.opera.com/docs/changelogs/linux/961/

CONFIRM - http://www.opera.com/docs/changelogs/freebsd/961/

XF - opera-historysearch-xss(46003)

VUPEN - ADV-2008-2873

BUGTRAQ - 20081022 Opera Stored Cross Site Scripting Vulnerability

MISC - http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf

CONFIRM - http://www.opera.com/support/search/view/903/

CONFIRM - http://www.opera.com/docs/changelogs/windows/961/

CONFIRM - http://www.opera.com/docs/changelogs/solaris/961/

MLIST - [oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes

MLIST - [oss-security] 20081021 Re: CVE Request: Opera 9.60 with security fixes

MILW0RM - 6801

SREASON - 4504

GENTOO - GLSA-200811-01

SECUNIA - 32538

SECUNIA - 32394

SECUNIA - 32299

SUSE - SUSE-SR:2008:022


Last Updated: 27 May 2016 10:48:36