CVE-2008-4697

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting XSS attacks...

Cross site scripting

Cross-site scripting XSS vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier aka the "optional fragment", which is not properly escaped before storage in the History Search database aka md.dat...

CVE-2008-4725

Cross-site scripting XSS vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database aka md.dat, a different vector than CVE-2008-4696. NOTE: some of these...

CVE-2008-4696

Opera history search, a cross-site scripting flaw in History Search results (CVE-2008-4696), occurs when certain anchor identifiers are not properly escaped before storage in md.dat. Affected product: Opera (Windows/macOS/Linux) prior to version 9.61/9.62 per advisories; root cause is insufficien...

CVE-2008-4698

CVE-2008-4698 affects Opera before 9.61, where the browser does not properly block scripts during preview of a news feed, enabling a remote attacker to create arbitrary new feed subscriptions and read contents of feeds. Public sources in the connected docs describe Opera as vulnerable to inline s...

CVE-2008-4697

CVE-2008-4697 affects Opera before 9.61 where the Fast Forward feature executes a javascript: URL in the context of the outermost frame, enabling remote XSS. Affected product: Opera browser; vulnerable component/behavior: framed page handling in Fast Forward. Impact per sources includes cross-sit...

CVE-2008-4695

CVE-2008-4695 affects Opera prior to 9.60. An attacker can predict the cache path of a cached Java applet and load it from the cache, causing the applet to execute in the local machine context and potentially expose sensitive data. Connected disclosures (SUSE/Gentoo GLSA entries) confirm Opera mu...

CVE-2008-4725

CVE-2008-4725 describes a Cross-site scripting (XSS) vulnerability in Opera 9.52 related to History Search where query-string data is not properly escaped before storage in md.dat. The issue allows remote attackers to inject scripts via History Search results. Connected sources confirm Opera 9.52...

CVE-2008-4694

Unspecified vulnerability in Opera before 9.60 allows remote attackers to cause a denial of service application crash or execute arbitrary code via a redirect that specifies a crafted URL...

CVE-2008-4695

Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the local-machine context...

CVE-2008-4698

Opera before 9.61 does not properly block scripts during preview of a news feed, which allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds...

CVE-2008-4694

CVE-2008-4694 affects Opera prior to 9.60. The vulnerability arises from a crafted redirect URL that can cause the browser to crash (DoS) or allow remote code execution. Public sources in the connected docs corroborate that Opera 9.60 and earlier are impacted and note additional related issues (C...

CVE-2008-4697

The Fast Forward feature in Opera before 9.61, when a page is located in a frame, executes a javascript: URL in the context of the outermost page instead of the page that contains this URL, which allows remote attackers to conduct cross-site scripting XSS attacks...

Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution

bb var z=null; function x window.setTimeout"z=window.open'opera:historysearch?q=%2A';window.focus;",1500; window.setTimeout"z.close;",3000; window.setTimeout"location.href='mailto:'",3000; " onclick="x"Click me... s=document.createElement"IFRAME"; s.src="opera:config"; document.body.appendChilds;...

Opera <= 9.60 Stored Cross Site Scripting Vulnerability

No description provided by source. ======================================================================= = Opera Stored Cross Site Scripting Vulnerability = = Vendor Website: = http://www.opera.com = = Affected Version: = -- All desktop versions = = Public disclosure on 22nd October 2008 =...

Opera 9.50 9.61 historysearch Command Execution

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ requir...

Opera 9.509.61 historysearch - Command Execution (Metasploit)

Opera 9.509.61 historysearch - Command Execution Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Opera 9.529.60 - Persistent Cross-Site Scripting Code Execution

Opera 9.529.60 - Persistent Cross-Site Scripting Code Execution bb var z=null; function x window.setTimeout"z=window.open'opera:historysearch?q=%2A';window.focus;",1500; window.setTimeout"z.close;",3000; window.setTimeout"location.href='mailto:'",3000; " onclick="x"Click me...

Opera Web浏览器HTML注入及跨站脚本漏洞

BUGTRAQ ID: 31842 Opera是一款流行的WEB浏览器，支持多种平台。 Opera的9.61之前版本中的多个安全漏洞可能允许恶意用户执行脚本注入攻击、绕过某些安全限制或泄露敏感信息。 1 History Search功能没有正确地过滤某些输入，用户在查看恶意数据时可能在用户的浏览器会话中注入任意HTML和脚本代码，导致泄露之前所访问的页面。 2 实现Fast Forward功能中的错误可能允许通过特制的JavaScript URL在受限制的帧中执行任意脚本代码。 3 在预览新闻源期间时阻断脚本存在错误，可能导致泄露所订阅新闻源的内容，或将用户订阅到任意的新闻源。 Oper...

Opera 9.52/9.60 Stored Cross Site Scripting Code Exec PoC

Exploit for unknown platform in category remote exploits ========================================================= Opera 9.52/9.60 Stored Cross Site Scripting Code Exec PoC ========================================================= bb var z=null; function x...