Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4725

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-4725
Last Modified 07 Mar 2011 10:12:56
Published 23 Oct 2008 06:00:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4725

Summary

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.

Vulnerable Systems

Application

  • Opera Browser 9.52


References

XF - opera-opera-querystring-xss(46231)

XF - opera-historysearch-xss(46003)

VUPEN - ADV-2008-2873

BID - 31869

BUGTRAQ - 20081022 Opera Stored Cross Site Scripting Vulnerability

MISC - http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf

CONFIRM - http://www.opera.com/support/search/view/903/

MISC - http://www.opera.com/docs/changelogs/windows/961/

MISC - http://www.opera.com/docs/changelogs/solaris/961/

MISC - http://www.opera.com/docs/changelogs/mac/961/

MISC - http://www.opera.com/docs/changelogs/linux/961/

MISC - http://www.opera.com/docs/changelogs/freebsd/961/

MLIST - [oss-security] 20081022 Re: CVE Request: Opera 9.60 with security fixes

MLIST - [oss-security] 20081021 Re: CVE Request: Opera 9.60 with security fixes

MILW0RM - 6801

SREASON - 4504

SECUNIA - 32299


Last Updated: 27 May 2016 10:48:36