Lucene search

K

MitreCVELIST:CVE-2008-4696

HistoryOct 23, 2008 - 9:00 p.m.

CVE-2008-4696

2008-10-2321:00:00

mitre

www.cve.org

5

AI Score

7.4

Confidence

High

EPSS

0.832

Percentile

98.5%

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the “optional fragment”), which is not properly escaped before storage in the History Search database (aka md.dat).

References

lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html

secunia.com/advisories/32299

secunia.com/advisories/32394

secunia.com/advisories/32538

security.gentoo.org/glsa/glsa-200811-01.xml

securityreason.com/securityalert/4504

www.openwall.com/lists/oss-security/2008/10/21/6

www.openwall.com/lists/oss-security/2008/10/22/5

www.opera.com/docs/changelogs/freebsd/961/

www.opera.com/docs/changelogs/linux/961/

www.opera.com/docs/changelogs/mac/961/

www.opera.com/docs/changelogs/solaris/961/

www.opera.com/docs/changelogs/windows/961/

www.opera.com/support/search/view/903/

www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf

www.securityfocus.com/archive/1/497646/100/0/threaded

www.securityfocus.com/bid/31869

www.vupen.com/english/advisories/2008/2873

exchange.xforce.ibmcloud.com/vulnerabilities/46003

www.exploit-db.com/exploits/6801

AI Score

7.4

Confidence

High

EPSS

0.832

Percentile

98.5%

Related for CVELIST:CVE-2008-4696

prion3 d21 exploitdb3 nvd3 cve3 ubuntucve3 packetstorm1 cvelist2 openvas6 nessus2 gentoo1