CVE-2008-4696

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
operaopera
𝑥
≤ 9.6
operaopera
5..10
operaopera
5.0
operaopera
5.1
operaopera
5.2
operaopera
5.3
operaopera
5.4
operaopera
5.5
operaopera
5.6
operaopera
5.7
operaopera
5.8
operaopera
5.9
operaopera
5.11
operaopera
5.12
operaopera
6.0
operaopera
6.01
operaopera
6.02
operaopera
6.03
operaopera
6.04
operaopera
6.05
operaopera
6.06
operaopera
7.0
operaopera
7.0:beta_2
operaopera
7.01
operaopera
7.02
operaopera
7.03
operaopera
7.10
operaopera
7.11
operaopera
7.20
operaopera
7.20:beta7
operaopera
7.21
operaopera
7.22
operaopera
7.23
operaopera
7.50
operaopera
7.50:beta_1
operaopera
7.51
operaopera
7.52
operaopera
7.53
operaopera
7.54
operaopera
7.54:update_1
operaopera
7.54:update_2
operaopera
8.0
operaopera
8.0:beta_1
operaopera
8.0:beta_2
operaopera
8.0:beta_3
operaopera
8.01
operaopera
8.02
operaopera
8.50
operaopera
8.51
operaopera
8.52
operaopera
8.53
operaopera
8.54
operaopera
9.0
operaopera
9.0:beta_1
operaopera
9.0:beta_2
operaopera
9.01
operaopera
9.02
operaopera
9.10
operaopera
9.20
operaopera
9.20:beta_1
operaopera
9.21
operaopera
9.22
operaopera
9.23
operaopera
9.24
operaopera
9.25
operaopera
9.26
operaopera
9.27
operaopera
9.50
operaopera
9.50:beta_2
operaopera
9.51
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opera
intrepid
dne
hardy
dne
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://secunia.com/advisories/32299
http://secunia.com/advisories/32394
http://secunia.com/advisories/32538
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://securityreason.com/securityalert/4504
http://www.openwall.com/lists/oss-security/2008/10/21/6
http://www.openwall.com/lists/oss-security/2008/10/22/5
http://www.opera.com/docs/changelogs/freebsd/961/
http://www.opera.com/docs/changelogs/linux/961/
http://www.opera.com/docs/changelogs/mac/961/
http://www.opera.com/docs/changelogs/solaris/961/
http://www.opera.com/docs/changelogs/windows/961/
http://www.opera.com/support/search/view/903/
http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf
http://www.securityfocus.com/archive/1/497646/100/0/threaded
http://www.securityfocus.com/bid/31869
http://www.vupen.com/english/advisories/2008/2873
https://exchange.xforce.ibmcloud.com/vulnerabilities/46003
https://www.exploit-db.com/exploits/6801
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://secunia.com/advisories/32299
http://secunia.com/advisories/32394
http://secunia.com/advisories/32538
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://securityreason.com/securityalert/4504
http://www.openwall.com/lists/oss-security/2008/10/21/6
http://www.openwall.com/lists/oss-security/2008/10/22/5
http://www.opera.com/docs/changelogs/freebsd/961/
http://www.opera.com/docs/changelogs/linux/961/
http://www.opera.com/docs/changelogs/mac/961/
http://www.opera.com/docs/changelogs/solaris/961/
http://www.opera.com/docs/changelogs/windows/961/
http://www.opera.com/support/search/view/903/
http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf
http://www.securityfocus.com/archive/1/497646/100/0/threaded
http://www.securityfocus.com/bid/31869
http://www.vupen.com/english/advisories/2008/2873
https://exchange.xforce.ibmcloud.com/vulnerabilities/46003
https://www.exploit-db.com/exploits/6801