Lucene search
RootSSV:4382HistoryOct 31, 2008 - 12:00 a.m.
Opera Web浏览器历史搜索及链接面板跨站脚本漏洞
2008-10-3100:00:00
Root
www.seebug.org
16
0.19 Low
EPSS
Percentile
96.3%
BUGTRAQ ID: 31991
CVE(CAN) ID: CVE-2008-4795,CVE-2008-4794
Opera是一款流行的WEB浏览器,支持多种平台。
Opera的历史搜索没有正确地过滤某些用户提供参数,远程攻击者可以向历史搜索结构页面中注入恶意脚本,然后以提升的权限执行这些脚本并与Opera的配置交互。
链接面板可显示当前页面所有帧中的链接,包括JavaScript URL链接。当页面位于帧中的时候,就会在最外面的页面而不是URL所在的页面执行脚本。这可能导致以不相关帧的环境执行脚本。
Opera Software Opera < 9.62
Opera Software
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.opera.com” target=“_blank”>http://www.opera.com</a>
http://www.sebug.net/exploit/4996/
Related
openvas
openvas
Opera Web Browser Command Execution and XSS Vulnerabilities - Windows
2008-10-31 00:00:00
Opera Web Browser Command Execution and XSS Vulnerabilities - Linux
2008-10-31 00:00:00
Opera Web Browser Command Execution and XSS Vulnerabilities (Windows)
2008-10-31 00:00:00
nessus
nessus
Opera < 9.62 Multiple Vulnerabilities
2008-10-31 00:00:00
FreeBSD : opera -- multiple vulnerabilities (0e30e802-a9db-11dd-93a2-000bcdf0a03b)
2008-11-04 00:00:00
GLSA-200811-01 : Opera: Multiple vulnerabilities
2008-11-04 00:00:00
prion
prion
Cross site scripting
2008-10-30 20:56:00
Code injection
2008-10-30 20:56:00
nvd
nvd
CVE-2008-4795
2008-10-30 20:56:54
CVE-2008-4794
2008-10-30 20:56:54
cvelist
cvelist
CVE-2008-4795
2008-10-30 20:49:00
CVE-2008-4794
2008-10-30 20:49:00
cve
cve
CVE-2008-4795
2008-10-30 20:56:54
CVE-2008-4794
2008-10-30 20:56:54
ubuntucve
ubuntucve
CVE-2008-4795
2008-10-30 00:00:00
CVE-2008-4794
2008-10-30 00:00:00
freebsd
freebsd
opera -- multiple vulnerabilities
2008-11-03 00:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2008-11-03 00:00:00