Lucene search

K
cve[email protected]CVE-2008-4725
HistoryOct 23, 2008 - 10:00 p.m.

CVE-2008-4725

2008-10-2322:00:01
CWE-79
web.nvd.nist.gov
26
cve-2008-4725
cross-site scripting
xss vulnerability
opera 9.52
remote attackers
web script
html
query string

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.856 High

EPSS

Percentile

98.6%

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.

Affected configurations

NVD
Node
operaopera_browserMatch9.52

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.856 High

EPSS

Percentile

98.6%