Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2013 Greenbone AGOPENVAS:1361412562310804102
HistoryOct 01, 2013 - 12:00 a.m.

Opera Cross-Site Scripting (XSS) Vulnerability - Windows

2013-10-0100:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
9

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

50.7%

JSON

Opera is prone to XSS attack.

# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:opera:opera_browser";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.804102");
  script_version("2024-02-15T05:05:40+0000");
  script_cve_id("CVE-2013-4705");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_tag(name:"last_modification", value:"2024-02-15 05:05:40 +0000 (Thu, 15 Feb 2024)");
  script_tag(name:"creation_date", value:"2013-10-01 09:52:30 +0530 (Tue, 01 Oct 2013)");
  script_name("Opera Cross-Site Scripting (XSS) Vulnerability - Windows");


  script_tag(name:"summary", value:"Opera is prone to XSS attack.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"solution", value:"Upgrade to Opera version 15.00 or later.");
  script_tag(name:"insight", value:"The flaw is due to some error when encoding settings are set to UTF-8.");
  script_tag(name:"affected", value:"Opera versions prior to 15.00 on Windows.");
  script_tag(name:"impact", value:"Successful exploitation will let attacker to execute an arbitrary web
script or HTML on the user's web browser.");
  script_tag(name:"qod_type", value:"registry");
  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"http://jvn.jp/en/jp/JVN01094166/index.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/31795");
  script_xref(name:"URL", value:"http://jvndb.jvn.jp/jvndb/JVNDB-2013-000086");
  script_xref(name:"URL", value:"http://www.opera.com/docs/changelogs/unified/1500");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2013 Greenbone AG");
  script_family("General");
  script_dependencies("gb_opera_detect_portable_win.nasl");
  script_mandatory_keys("Opera/Win/Version");
  exit(0);
}


include("version_func.inc");
include("host_details.inc");

if(!operaVer = get_app_version(cpe:CPE)){
  exit(0);
}

if(version_is_less(version:operaVer, test_version:"15.0"))
{
  report = report_fixed_ver(installed_version:operaVer, fixed_version:"15.0");
  security_message(port: 0, data: report);
  exit(0);
}

Related

jvn 1
openvas 1
cve 1
prion 1
cvelist 1
nessus 1
nvd 1
jvn
jvn
JVN#01094166: Opera vulnerable to cross-site scripting
2013-09-12 00:00:00
openvas
openvas
Opera Cross-Site Scripting (XSS) Vulnerability - Mac OS X
2013-10-01 00:00:00
cve
cve
CVE-2013-4705
2022-10-03 16:14:57
prion
prion
Cross site scripting
2013-09-13 14:10:00
cvelist
cvelist
CVE-2013-4705
2022-10-03 16:14:57
nessus
nessus
Opera < 15 UTF-8 Encoding XSS
2013-09-30 00:00:00
nvd
nvd
CVE-2013-4705
2013-09-13 14:10:07

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6

Confidence

High

EPSS

0.001

Percentile

50.7%

JSON
Related for OPENVAS:1361412562310804102
jvn1openvas1cve1prion1cvelist1nessus1nvd1