Lucene search

K

MitreCVELIST:CVE-2008-4696

HistoryOct 23, 2008 - 9:00 p.m.

CVE-2008-4696

2008-10-2321:00:00

mitre

www.cve.org

1

7.4 High

AI Score

Confidence

High

0.856 High

EPSS

Percentile

98.6%

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the “optional fragment”), which is not properly escaped before storage in the History Search database (aka md.dat).

References

lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html

secunia.com/advisories/32299

secunia.com/advisories/32394

secunia.com/advisories/32538

security.gentoo.org/glsa/glsa-200811-01.xml

securityreason.com/securityalert/4504

www.openwall.com/lists/oss-security/2008/10/21/6

www.openwall.com/lists/oss-security/2008/10/22/5

www.opera.com/docs/changelogs/freebsd/961/

www.opera.com/docs/changelogs/linux/961/

www.opera.com/docs/changelogs/mac/961/

www.opera.com/docs/changelogs/solaris/961/

www.opera.com/docs/changelogs/windows/961/

www.opera.com/support/search/view/903/

www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf

www.securityfocus.com/archive/1/497646/100/0/threaded

www.securityfocus.com/bid/31869

www.vupen.com/english/advisories/2008/2873

exchange.xforce.ibmcloud.com/vulnerabilities/46003

www.exploit-db.com/exploits/6801

7.4 High

AI Score

Confidence

High

0.856 High

EPSS

Percentile

98.6%

Related for CVELIST:CVE-2008-4696

prion3 d21 nvd3 packetstorm1 ubuntucve3 cve3 cvelist2 openvas6 nessus2 gentoo1