Lucene search

K
cve[email protected]CVE-2008-4725
HistoryOct 23, 2008 - 10:00 p.m.

CVE-2008-4725

2008-10-2322:00:01
CWE-79
web.nvd.nist.gov
26
cve-2008-4725
cross-site scripting
xss vulnerability
opera 9.52
remote attackers
web script
html
query string

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.856 High

EPSS

Percentile

98.6%

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these issues were addressed before 9.60.

Affected configurations

NVD
Node
operaopera_browserMatch9.52

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.856 High

EPSS

Percentile

98.6%